Описание
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apple:quicktime:7.2:*:_mac_os_x_v10.3.9:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.2:*:_mac_os_x_v10.4.9:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.2:*:_mac_os_x_v10.5:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.2:*:windows_vista:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.2:*:windows_xp_sp2:*:*:*:*:*
EPSS
Процентиль: 85%
0.02349
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-189
Связанные уязвимости
github
почти 4 года назад
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
EPSS
Процентиль: 85%
0.02349
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-189