CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.3%
Added: 05/24/2006
CVE: CVE-2006-1460
BID: 17953
OSVDB: 25509
QuickTime is a media player for Windows and Mac OS platforms.
A buffer overflow in QuickTime allows command execution by a specially crafted Movie (MOV) file containing a long udta Atom.
Upgrade to QuickTime 7.1 or higher.
<http://docs.info.apple.com/article.html?artnum=303752>
Successful exploitation requires a user to save the movie file and open it in QuickTime. Exploit works on QuickTime 7.0.4. Due to the nature of the vulnerability, the success of the exploit depends on the state of the system.
Windows