Lucene search
Tom Gallagher & Paul BatesZDI-14-325HistorySep 22, 2014 - 12:00 a.m.
Apple QuickTime mdat Atom Heap Buffer Overflow Remote Code Execution Vulnerability
2014-09-2200:00:00
Tom Gallagher & Paul Bates
www.zerodayinitiative.com
13
EPSS
0.04
Percentile
92.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RLE encoded data in the mdat atom. An attacker can use this flaw to write outside the allocated buffer, which could allow for the execution of arbitrary code in the context of the current process.
References
Related
prion
prion
Memory corruption
2014-09-19 10:55:00
nvd
nvd
CVE-2014-1391
2014-09-19 10:55:03
cve
cve
CVE-2014-1391
2014-09-19 10:55:03
cvelist
cvelist
CVE-2014-1391
2014-09-19 10:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities (HT203092) - Windows
2017-12-14 00:00:00
Apple Mac OS X Multiple Vulnerabilities-05 (Oct 2015)
2015-10-29 00:00:00
securityvulns
securityvulns
Apple Quicktime multiple security vulnerabilities
2014-10-27 00:00:00
APPLE-SA-2014-10-22-1 QuickTime 7.7.6
2014-10-27 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
nessus
nessus
QuickTime < 7.7.6 Multiple Vulnerabilities (Windows)
2014-10-24 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2014-004)
2014-09-18 00:00:00
Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities
2014-09-18 00:00:00