Lucene search
AnonymousZDI-10-042HistoryApr 02, 2010 - 12:00 a.m.
Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability
2010-04-0200:00:00
Anonymous
www.zerodayinitiative.com
16
EPSS
0.06
Percentile
93.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed MediaVideo data from a sample description atom (STSD). The application will read a length from the file, subtract 1 and then use it as a counter for a loop. Certain values may cause memory corruption and can result in code execution under the context of the current user.
References
Related
nvd
nvd
CVE-2010-0528
2010-03-31 18:30:00
cvelist
cvelist
CVE-2010-0528
2010-03-31 18:00:00
prion
prion
Memory corruption
2010-03-31 18:30:00
securityvulns
securityvulns
ZDI-10-042: Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability
2010-04-05 00:00:00
Apple QuickTime/iTunes multiple security vulnerabilities
2010-04-12 00:00:00
cve
cve
CVE-2010-0528
2010-03-31 18:30:00
openvas
openvas
Apple QuickTime Multiple Denial Of Service Vulnerabilities - Windows
2010-04-06 00:00:00
Apple QuickTime Multiple Denial Of Service Vulnerabilities (Windows)
2010-04-06 00:00:00
nessus
nessus
QuickTime < 7.6.6 Multiple Vulnerabilities
2009-03-31 00:00:00
QuickTime < 7.6.6 Multiple Vulnerabilities
2009-03-31 00:00:00
QuickTime < 7.6.6 Multiple Vulnerabilities (Windows)
2010-03-31 00:00:00