what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-067
Posted Apr 7, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-067 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the primary QuickTime.qts library when parsing the BkPixPat opcode (0x12) within a PICT file. The application will use 2 fields within the file in a multiply which is then passed as an argument to an allocation. As both operands in the multiply are user-controllable, specific values can cause an under allocation which will later result in a heap overflow. Successful exploitation can lead to code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-0529
MD5 | b7fb33bbe279978ab23ddfc921229b98
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Personal Data From Entire 16.6M Population Of Ecuador Leaked Online
Posted Sep 16, 2019

tags | headline, privacy, data loss
Uber Confirms Account Takeover Vulnerability
Posted Sep 16, 2019

tags | headline, hacker, privacy, flaw
iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
Posted Sep 16, 2019

tags | headline, phone, data loss, flaw, apple
198M Records Of Prospective Auto Buyers Leaked
Posted Sep 16, 2019

tags | headline, privacy, database, data loss
LastPass Bug Leaks Credentials From Previous Site
Posted Sep 16, 2019

tags | headline, data loss, flaw, password
Instagram Fixed Flaw That Links Account Info To PII
Posted Sep 13, 2019

tags | headline, hacker, privacy, data loss, flaw, facebook
France To Block Facebook's Libra Cryptocurrency In Europe
Posted Sep 13, 2019

tags | headline, government, bank, fraud, france, facebook, social, cryptography
InnfiRAT Malware Lurks To Steal Cryptocurrency Wallet Data
Posted Sep 13, 2019

tags | headline, malware, cybercrime, fraud, cryptography
Infosec Duo Cuffed After Physically Breaking Into Courthouse During IT Security Assessment
Posted Sep 13, 2019

tags | headline, hacker, government
New Simjacker Attack Exploited In The Wild To Track Users For At Least Two Years
Posted Sep 12, 2019

tags | headline, hacker, privacy, phone
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close