Apple QuickTime Buffer Overflow Vulnerability

vendor:

QuickTime

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: QuickTime

Affected Version From: QuickTime 6.5.2

Affected Version To: QuickTime 7.0.3

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Apple QuickTime Buffer Overflow Vulnerability

Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. An attacker may be able to exploit this issue to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. Unsuccessful exploit attempts will most likely crash the application.

Mitigation:

Upgrade to the latest version of QuickTime.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16212/info

Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers.

An attacker may be able to exploit this issue to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. Unsuccessful exploit attempts will most likely crash the application.

This issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed.

This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27069.jpg