Lucene search
Tom Gallagher & Paul BatesZDI-14-046HistoryApr 03, 2014 - 12:00 a.m.
Apple QuickTime dref Atom Remote Code Execution Vulnerability
2014-04-0300:00:00
Tom Gallagher & Paul Bates
www.zerodayinitiative.com
18
0.027 Low
EPSS
Percentile
90.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dref atom. It is possible for an attacker to nest atoms within the dref atom that have sizes larger than the enclosing atom. By leveraging this vulnerability, an attacker can execute arbitrary code in the context of the current user.
References
Related
prion
prion
Memory corruption
2014-02-27 01:55:00
cvelist
cvelist
CVE-2014-1247
2014-02-27 01:00:00
nvd
nvd
CVE-2014-1247
2014-02-27 01:55:03
cve
cve
CVE-2014-1247
2014-02-27 01:55:03
nessus
nessus
Apple Quicktime 7.7.5 Multiple Vulnerabilities
2014-02-26 00:00:00
Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities (deprecated)
2014-02-26 00:00:00
QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)
2014-02-26 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities (Mar 2014) - Windows
2014-03-04 00:00:00
Apple Mac OS X Multiple Vulnerabilities -04 (Sep 2014)
2014-09-22 00:00:00
kaspersky
kaspersky
KLA10016 Multiple vulnerabilities in Apple QuickTime
2014-02-25 00:00:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2014-02-28 00:00:00
APPLE-SA-2014-02-25-3 QuickTime 7.7.5
2014-02-28 00:00:00
Apple Mac OS X multiple security vulnerabilities
2014-02-28 00:00:00
seebug
seebug
Apple Mac OS X多个安全漏洞(APPLE-SA-2014-02-25-1)
2014-02-26 00:00:00