Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymouspa_kt / twitter.com/pa_kt / e1c14ba6ZDI-12-076
HistoryJun 06, 2012 - 12:00 a.m.

Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability

2012-06-0600:00:00
Anonymouspa_kt / twitter.com/pa_kt / e1c14ba6
www.zerodayinitiative.com
23

EPSS

0.595

Percentile

97.8%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple’s QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application calculates the padding for an MPEG sample. When calculating the padding, the MPEG library will subtract this from another length without checking for underflow. This resulting length will then be used in a memcpy operation into a statically sized buffer allocated on the heap. This can lead to code execution under the context of the application.

Related

nvd 1
cve 1
securityvulns 4
cvelist 1
checkpoint_advisories 2
prion 1
nessus 5
openvas 4
nvd
nvd
CVE-2012-0659
2012-05-11 03:49:59
cve
cve
CVE-2012-0659
2012-05-11 03:49:59
securityvulns
securityvulns
ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability
2012-06-13 00:00:00
Apple QuickTime multiple security vulnerabilities
2012-08-27 00:00:00
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
2012-05-21 00:00:00
cvelist
cvelist
CVE-2012-0659
2012-05-11 01:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime MPEG Stream Padding Buffer Overflow (CVE-2012-0659)
2012-09-04 00:00:00
Apple QuickTime MPEG Stream Padding Code Execution (CVE-2012-0659)
2012-12-31 00:00:00
prion
prion
Integer overflow
2012-05-11 03:49:00
nessus
nessus
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities (Windows)
2012-05-16 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - Windows
2012-05-18 00:00:00
Apple QuickTime Multiple Vulnerabilities - (Windows)
2012-05-18 00:00:00
Mac OS X Multiple Vulnerabilities (2012-002)
2012-05-18 00:00:00

EPSS

0.595

Percentile

97.8%

JSON
Related for ZDI-12-076
nvd1cve1securityvulns4cvelist1checkpoint_advisories2prion1nessus5openvas4