Описание
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.6.7 (включая)
Одно из
cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03838
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file.
EPSS
Процентиль: 88%
0.03838
Низкий
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other