Kaspersky LabKLA10017KLA10017 Multiple vulnerabilities in Apple QuickTime
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.969 High
EPSS
Percentile
99.7%
Multiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.
Vectors related to unknown applications can be exploited to execute arbitrary code or cause denial of service via specially designed TeXML, FPX, MP3 or QTIF files; dref, enof or mvhd atoms; or a movie file with H.263, H.264, Sorenson encodings or containing specially designed JPEG data.
Original advisories
Related products
CVE list
CVE-2013-0987 critical
CVE-2013-0989 critical
CVE-2013-1021 critical
CVE-2013-0986 critical
CVE-2013-1018 critical
CVE-2013-1019 critical
CVE-2013-1017 critical
CVE-2013-1015 critical
CVE-2013-0988 critical
CVE-2013-1016 critical
CVE-2013-1020 critical
CVE-2013-1022 critical
Solution
Update to latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Apple QuickTime versions 7.7.3 and earlier
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.969 High
EPSS
Percentile
99.7%