Heap-based buffer overflow in Apple QuickTime - #VU5872
Published: February 20, 2017 / Updated: March 9, 2017
Vulnerability identifier: #VU5872
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Red
CVE-ID: N/A
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple QuickTime
Apple QuickTime
Detailed vulnerability description
The vulnerability allows remote attackers to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing media files. A remote attacker can create a media file with specially crafted moov atom field, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to heap-based buffer overflow when processing media files. A remote attacker can create a media file with specially crafted moov atom field, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
The vendor will not release a security patch. We recommend removing this software from your systems.