CVE-2010-0062
Apple QuickTime H.263 Array Index Parsing Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.
Desbordamiento de búfer basado en memoria dinámica en CoreMedia y QuickTime en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a usuarios remtos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de video modificado con una codificación H.263.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page.
The specific flaw exists within the parsing of H.263 media files. The code within QuickTime trusts various values from MDAT structures and uses them during operations on heap memory. By crafting specific values the corruption can be leveraged to execute remote code under the context of the user running the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-12-15 CVE Reserved
- 2010-03-30 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/510510/100/0/threaded | Mailing List | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-036 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6626 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | 2018-10-10 | |
| http://support.apple.com/kb/HT4077 | 2018-10-10 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.0 Search vendor "Apple" for product "Mac Os X" and version "10.6.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.1 Search vendor "Apple" for product "Mac Os X" and version "10.6.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.2 Search vendor "Apple" for product "Mac Os X" and version "10.6.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.0 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.1 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.2 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.2" | - |
Affected
| ||||||