Lucene search
G. GeshevZDI-13-119HistoryJun 11, 2013 - 12:00 a.m.
Apple QuickTime FlashPix Parsing Remote Code Execution Vulnerability
2013-06-1100:00:00
G. Geshev
www.zerodayinitiative.com
17
EPSS
0.131
Percentile
95.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlashPix files. While parsing FlashPix files, a length is multiplied by four when allocating the buffer but is multiplied by eight when copying data into the buffer. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the user currently logged in.
References
Related
cve
cve
CVE-2013-0988
2013-05-24 16:43:58
prion
prion
Buffer overflow
2013-05-24 16:43:00
cvelist
cvelist
CVE-2013-0988
2013-05-24 10:00:00
nvd
nvd
CVE-2013-0988
2013-05-24 16:43:58
openvas
openvas
Apple QuickTime Multiple Vulnerabilities (Jun 2013) - Windows
2013-06-07 00:00:00
Apple QuickTime Multiple Vulnerabilities - June13 (Windows)
2013-06-07 00:00:00
Apple Mac OS X Multiple Vulnerabilities - 02 (Jan 2014)
2014-01-20 00:00:00
securityvulns
securityvulns
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
2013-05-27 00:00:00
Apple QuickTime multiple security vulnerabilities
2013-05-27 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
nessus
nessus
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-28 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows) (deprecated)
2013-05-23 00:00:00
kaspersky
kaspersky
KLA10017 Multiple vulnerabilities in Apple QuickTime
2013-05-22 00:00:00