what you don't know can hurt you
Showing 1 - 2 of 2 RSS Feed

CVE-2011-3460

Status Candidate

Overview

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.

Related Files

Apple Security Advisory 2012-05-15-1
Posted May 16, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.

tags | advisory, overflow
systems | apple, osx
advisories | CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2012-0265, CVE-2012-0658, CVE-2012-0659, CVE-2012-0660, CVE-2012-0661, CVE-2012-0663, CVE-2012-0664, CVE-2012-0665, CVE-2012-0666, CVE-2012-0667, CVE-2012-0668, CVE-2012-0669, CVE-2012-0670, CVE-2012-0671
MD5 | 07014229c16c6183664eddcf78288d37
Zero Day Initiative Advisory 12-058
Posted Apr 10, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. During the decoding process, the application will write outside the surface's boundaries. This can be leveraged to allow for one to earn code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3460
MD5 | 14ecb036c6d1be5820e0a605434c22be
Page 1 of 1
Back1Next

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    21 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    19 Files
  • 24
    Jan 24th
    11 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close