Lucene search
Andrea Micalizzi aka rgodZDI-14-264HistoryJul 23, 2014 - 12:00 a.m.
(0Day) Apple QuickTime 'mvhd' Atom Heap Memory Corruption Remote Code Execution Vulnerability
2014-07-2300:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
16
EPSS
0.396
Percentile
97.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ‘mvhd’ atom. By providing a malformed version and flags, an attacker is able to create controllable memory corruption, and trigger an arbitrary write operation. By exploiting this, an attacker could execute code in the context of the current user.
Related
prion
prion
Memory corruption
2014-07-26 11:11:00
kaspersky
kaspersky
KLA10442 DoS vulnerability in QuickTime
2014-07-26 00:00:00
nvd
nvd
CVE-2014-4979
2014-07-26 11:11:57
cvelist
cvelist
CVE-2014-4979
2014-07-26 10:00:00
cve
cve
CVE-2014-4979
2014-07-26 11:11:57
nessus
nessus
QuickTime < 7.7.6 Multiple Vulnerabilities (Windows)
2014-10-24 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2014-004)
2014-09-18 00:00:00
Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities
2014-09-18 00:00:00
securityvulns
securityvulns
APPLE-SA-2014-10-22-1 QuickTime 7.7.6
2014-10-27 00:00:00
Apple Quicktime multiple security vulnerabilities
2014-10-27 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities (HT203092) - Windows
2017-12-14 00:00:00