#VU5871 Heap-based buffer overflow in Apple QuickTime
Published: February 20, 2017 / Updated: March 9, 2017
Vulnerability identifier: #VU5871
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Red
CVE-ID: N/A
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple QuickTime
Apple QuickTime
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows remote attackers to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing media files. A remote attacker can create a media file with specially crafted moov atom field, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to heap-based buffer overflow when processing media files. A remote attacker can create a media file with specially crafted moov atom field, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
The vendor will not release a security patch. We recommend removing this software from your systems.