CVE-2011-3222

Related Files

Apple Security Advisory 2011-10-26-1

Posted Oct 28, 2011

Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-26-1 - QuickTime 7.7.1 is now available and addresses memory disclosure, arbitrary code execution, script injection, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution

systems | apple

advisories | CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3218, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251

SHA-256 | 151e9a6bdb019b931ecf77d87bbf59eb16ed9d92b2e975ee1c0e5a7b931ccf76

Download | Favorite | View

Zero Day Initiative Advisory 11-295

Posted Oct 19, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles flashpix files. When a flashpix contains a tile that has a Compression Type 0x2 (JPEG) and an 'JPEG tables selector' value that is bigger then the global stream property 'Maximum JPEG table index', Quicktime will write outside the global JPEG table. This corruption could lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution

systems | apple

advisories | CVE-2011-3222

SHA-256 | 2cf19827a903dff6a72cc3f52cd9a7825b3bdf665e3eb3509ca7d78cfd35a2f0

Download | Favorite | View