Lucene search
AnonymousDamian PutZDI-09-063HistorySep 10, 2009 - 12:00 a.m.
Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability
2009-09-1000:00:00
AnonymousDamian Put
www.zerodayinitiative.com
14
EPSS
0.593
Percentile
97.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.
References
Related
prion
prion
Heap overflow
2009-09-10 21:30:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime H.264 Movie File Buffer Overflow (CVE-2009-2799)
2010-04-08 00:00:00
cvelist
cvelist
CVE-2009-2799
2009-09-10 21:00:00
nvd
nvd
CVE-2009-2799
2009-09-10 21:30:01
cve
cve
CVE-2009-2799
2009-09-10 21:30:01
nessus
nessus
QuickTime < 7.6.4 Multiple Vulnerabilities (Mac OS X)
2009-09-10 00:00:00
QuickTime < 7.6.4 Multiple Vulnerabilities (Windows)
2009-09-10 00:00:00
QuickTime < 7.6.4 Multiple Vulnerabilities
2009-09-10 00:00:00
securityvulns
securityvulns
About the security content of QuickTime 7.6.4
2009-09-11 00:00:00
Apple QuickTime multiple security vulnerabilities
2009-09-11 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - Sep09
2009-09-11 00:00:00
Apple QuickTime Multiple Vulnerabilities (Sep 2009)
2009-09-11 00:00:00
Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006
2010-05-12 00:00:00