Lucene search
Alin Rad PopZDI-12-077HistoryJun 06, 2012 - 12:00 a.m.
Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability
2012-06-0600:00:00
Alin Rad Pop
www.zerodayinitiative.com
17
EPSS
0.235
Percentile
96.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QuickTimeVR.qtx component. A signedness error exists when processing a QTVRStringAtom having an overly large βstringLengthβ parameter. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code under the context of the user running the application.
References
Related
saint
saint
seebug
seebug
Apple QuickTime 7.7.2δΉεηζ¬QTVRζδ»ΆθΏη¨δ»£η ζ§θ‘ζΌζ΄
2012-05-19 00:00:00
Apple QuickTime 7.7.2δΉεηζ¬ε€δΈͺθΏη¨δ»»ζ代η ζ§θ‘ζΌζ΄
2012-05-17 00:00:00
cve
cve
CVE-2012-0667
2012-05-16 10:12:57
cvelist
cvelist
CVE-2012-0667
2012-05-16 01:00:00
securityvulns
securityvulns
ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability
2012-06-13 00:00:00
Apple QuickTime multiple security vulnerabilities
2012-08-27 00:00:00
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
2012-05-21 00:00:00
prion
prion
Integer overflow
2012-05-16 10:12:00
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2012-0667
2012-05-16 10:12:57
nessus
nessus
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities (Windows)
2012-05-16 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - Windows
2012-05-18 00:00:00
Apple QuickTime Multiple Vulnerabilities - (Windows)
2012-05-18 00:00:00