Lucene search
Chkr_d591ZDI-11-256HistoryAug 16, 2011 - 12:00 a.m.
Apple Quicktime Media Link src Parameter Remote Code Execution Vulnerability
2011-08-1600:00:00
Chkr_d591
www.zerodayinitiative.com
11
0.01 Low
EPSS
Percentile
83.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime parses Quicktime Media Link (.qtl) files. The code which parses the .qtl parameter files fails to properly validate the size of the src parameter before copying it into a fixed length stack buffer. By supplying an overly long value for the src parameter, an attacker can leverage this flaw to execute malicious code within the context of the browser.
References
Related
nvd
nvd
CVE-2011-0248
2011-08-04 02:45:32
securityvulns
securityvulns
ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability
2011-08-17 00:00:00
APPLE-SA-2011-08-03-1 QuickTime 7.7
2011-08-05 00:00:00
Apple QuickTime multiple security vulnerabilities
2011-09-05 00:00:00
prion
prion
Stack overflow
2011-08-04 02:45:00
cvelist
cvelist
CVE-2011-0248
2022-10-03 16:15:20
cve
cve
CVE-2011-0248
2022-10-03 16:15:20
openvas
openvas
Apple QuickTime Multiple Buffer Overflow Vulnerabilities - Windows
2011-08-18 00:00:00
Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
2011-08-18 00:00:00
nessus
nessus
QuickTime < 7.7 Multiple Vulnerabilities
2011-08-04 00:00:00
QuickTime < 7.7 Multiple Vulnerabilities
2011-08-04 00:00:00
QuickTime < 7.7 Multiple Vulnerabilities (Windows)
2011-08-04 00:00:00
seebug
seebug
Apple QuickTime存在多个安全漏洞
2011-08-06 00:00:00