Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:6DF156E9EFE0A2BBF8BF1309051A7F7C
HistoryAug 01, 2013 - 12:00 a.m.

QuickTime Movie File dref Atom Handling Buffer Overflow

2013-08-0100:00:00
SAINT Corporation
www.saintcorporation.com
11

0.969 High

EPSS

Percentile

99.7%

JSON

Added: 08/01/2013
CVE: CVE-2013-1017
BID: 60097
OSVDB: 93625

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime before 7.7.4 is vulnerable to remote code execution due to a failure to perform appropriate validation of user supplied input. A remote attacker who persuades a vulnerable user to open a movie file with specially crafted **dref** atoms could execute arbitrary code with the rights of the compromised user.

Resolution

Upgrade to Apple QuickTime 7.7.4 or later.

References

<http://support.apple.com/kb/HT5770&gt;

Limitations

This exploit was tested against Apple QuickTime 7.7.3 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8.

Platforms

Windows

Related

cve 1
zdi 1
packetstorm 1
seebug 1
saint 3
checkpoint_advisories 1
cvelist 1
nvd 1
zdt 1
prion 1
kaspersky 1
nessus 3
securityvulns 2
openvas 2
cve
cve
CVE-2013-1017
2013-05-24 16:43:58
zdi
zdi
Apple QuickTime dref Volume Name Parsing Remote Code Execution Vulnerability
2013-05-30 00:00:00
packetstorm
packetstorm
Apple Quicktime 7 Invalid Atom Length Buffer Overflow
2013-07-18 00:00:00
seebug
seebug
Apple QuickTime η•Έε½’MOVζ–‡δ»Άε€„η†ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž(CVE-2013-1017)
2013-08-05 00:00:00
saint
saint
QuickTime Movie File dref Atom Handling Buffer Overflow
2013-08-01 00:00:00
QuickTime Movie File dref Atom Handling Buffer Overflow
2013-08-01 00:00:00
QuickTime Movie File dref Atom Handling Buffer Overflow
2013-08-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime alis Volume Name Parsing Stack Buffer Overflow (CVE-2013-1017)
2013-09-22 00:00:00
cvelist
cvelist
CVE-2013-1017
2013-05-24 10:00:00
nvd
nvd
CVE-2013-1017
2013-05-24 16:43:58
zdt
zdt
Apple Quicktime 7 Invalid Atom Length Buffer Overflow Vulnerability
2013-07-19 00:00:00
prion
prion
Buffer overflow
2013-05-24 16:43:00
kaspersky
kaspersky
KLA10017 Multiple vulnerabilities in Apple QuickTime
2013-05-22 00:00:00
nessus
nessus
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows) (deprecated)
2013-05-23 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-28 00:00:00
QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
2013-05-23 00:00:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2013-05-27 00:00:00
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
2013-05-27 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - June13 (Windows)
2013-06-07 00:00:00
Apple QuickTime Multiple Vulnerabilities (Jun 2013) - Windows
2013-06-07 00:00:00

0.969 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:6DF156E9EFE0A2BBF8BF1309051A7F7C
cve1zdi1packetstorm1seebug1saint3checkpoint_advisories1cvelist1nvd1zdt1prion1kaspersky1nessus3securityvulns2openvas2