Lucene search
Moritz Jodeit of n.runs AGZDI-10-258HistoryDec 07, 2010 - 12:00 a.m.
Apple QuickTime 3GP Parsing Remote Code Execution Vulnerability
2010-12-0700:00:00
Moritz Jodeit of n.runs AG
www.zerodayinitiative.com
15
EPSS
0.073
Percentile
94.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Quicktime.qts module responsible for parsing media files. While handling 3GP streams a function within this module a loop trusts a value directly from the media file and uses it during memory copy operations. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the user accessing the file.
References
Related
nvd
nvd
CVE-2010-1508
2010-12-09 20:00:16
securityvulns
securityvulns
Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability
2010-12-12 00:00:00
About the security content of QuickTime 7.6.9
2010-12-12 00:00:00
Apple QuickTime multiple security vulnerabilities
2011-07-04 00:00:00
cvelist
cvelist
CVE-2010-1508
2010-12-09 19:00:00
prion
prion
Heap overflow
2010-12-09 20:00:00
cve
cve
CVE-2010-1508
2010-12-09 20:00:16
openvas
openvas
Apple QuickTime Multiple vulnerabilities - Dec10 (Windows)
2010-12-29 00:00:00
Apple QuickTime Multiple Vulnerabilities (Dec 2010) - Windows
2010-12-29 00:00:00
nessus
nessus
QuickTime < 7.6.9 Multiple Vulnerabilities
2010-12-07 00:00:00
QuickTime < 7.6.9 Multiple Vulnerabilities (Windows)
2010-12-07 00:00:00
QuickTime < 7.6.9 Multiple Vulnerabilities
2010-12-07 00:00:00