Lucene search
Jaanus Kp - Clarified SecurityZDI-16-002HistoryJan 08, 2016 - 12:00 a.m.
Apple QuickTime ID3 Tag Heap Buffer Overflow Remote Code Execution Vulnerability
2016-01-0800:00:00
Jaanus Kp - Clarified Security
www.zerodayinitiative.com
8
0.023 Low
EPSS
Percentile
89.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ID3 version tags in MP3 files. By providing a malformed TXXX frame, an attacker can cause data to be written past the end of an allocated heap buffer. An attacker could leverage this to execute arbitrary code under the context of the current user.
References
Related
cve
cve
prion
prion
Memory corruption
2016-01-09 02:59:00
Memory corruption
2016-01-09 02:59:00
Memory corruption
2016-01-09 02:59:00
nvd
nvd
cvelist
cvelist
nessus
nessus
Apple QuickTime < 7.7.9 Multiple Vulnerabilities
2016-04-20 00:00:00
Apple QuickTime < 7.7.9 Multiple RCE (Windows)
2016-01-11 00:00:00
apple
apple
About the security content of QuickTime 7.7.9 - Apple Support
2016-01-07 09:26:11
About the security content of QuickTime 7.7.9
2016-01-07 00:00:00
kaspersky
kaspersky
KLA10731 Multiple vulnerabilities in Apple QuickTime
2016-01-07 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities (Jan 2016) - Windows
2016-01-18 00:00:00