Lucene search
Tom Gallagher & Paul BatesZDI-14-047HistoryApr 03, 2014 - 12:00 a.m.
Apple QuickTime stsz Atom Remote Code Execution Vulnerability
2014-04-0300:00:00
Tom Gallagher & Paul Bates
www.zerodayinitiative.com
21
0.037 Low
EPSS
Percentile
91.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the stsz atom. By providing a malicious value inside of the stsz atom, an attacker is able to influence the destination of a data write. An attacker could use this vulnerability to execute arbitrary code in the context of the viewing user.
References
Related
cvelist
cvelist
CVE-2014-1245
2014-02-27 01:00:00
nvd
nvd
CVE-2014-1245
2014-02-27 01:55:03
prion
prion
Integer overflow
2014-02-27 01:55:00
cve
cve
CVE-2014-1245
2014-02-27 01:55:03
nessus
nessus
Apple Quicktime 7.7.5 Multiple Vulnerabilities
2014-02-26 00:00:00
Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities (deprecated)
2014-02-26 00:00:00
QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)
2014-02-26 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities (Mar 2014) - Windows
2014-03-04 00:00:00
Apple Mac OS X Multiple Vulnerabilities -04 (Sep 2014)
2014-09-22 00:00:00
kaspersky
kaspersky
KLA10016 Multiple vulnerabilities in Apple QuickTime
2014-02-25 00:00:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2014-02-28 00:00:00
APPLE-SA-2014-02-25-3 QuickTime 7.7.5
2014-02-28 00:00:00
Apple Mac OS X multiple security vulnerabilities
2014-02-28 00:00:00
seebug
seebug
Apple Mac OS X多个安全漏洞(APPLE-SA-2014-02-25-1)
2014-02-26 00:00:00