Описание
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
Ссылки
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.0.2 (включая)
Одно из
cpe:2.3:a:apple:quicktime:*:*:windows:*:*:*:*:*
cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
EPSS
Процентиль: 80%
0.01442
Низкий
5.1 Medium
CVSS2
Дефекты
CWE-189
Связанные уязвимости
github
почти 4 года назад
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
EPSS
Процентиль: 80%
0.01442
Низкий
5.1 Medium
CVSS2
Дефекты
CWE-189