CVE-2011-0257
Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
Error de signo de entero en Apple QuickTime anterior a v7.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un código de operación PnSize manipulado en un archivo PICT provocando un desbordamiento de búfer basado en pila.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value. This value is later used as the size parameter for a memory copy function that copies from the file onto the stack. The results in a stack based buffer overflow that allows for remote code execution under the context of the current user.
*Credits:
Matt "j00ru" Jurczyk
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-12-23 CVE Reserved
- 2011-08-08 CVE Published
- 2011-09-03 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/8365 | Third Party Advisory | |
| http://zerodayinitiative.com/advisories/ZDI-11-252 | X_refsource_misc | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/17777 | 2011-09-03 | |
| http://www.exploit-db.com/exploits/17777 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.apple.com/kb/HT4826 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | <= 7.6.9 Search vendor "Apple" for product "Quicktime" and version " <= 7.6.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.0.0 Search vendor "Apple" for product "Quicktime" and version "7.0.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.0.1 Search vendor "Apple" for product "Quicktime" and version "7.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.0.2 Search vendor "Apple" for product "Quicktime" and version "7.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.0.3 Search vendor "Apple" for product "Quicktime" and version "7.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.0.4 Search vendor "Apple" for product "Quicktime" and version "7.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.1.0 Search vendor "Apple" for product "Quicktime" and version "7.1.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.1.1 Search vendor "Apple" for product "Quicktime" and version "7.1.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.1.2 Search vendor "Apple" for product "Quicktime" and version "7.1.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.1.3 Search vendor "Apple" for product "Quicktime" and version "7.1.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.1.4 Search vendor "Apple" for product "Quicktime" and version "7.1.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.1.5 Search vendor "Apple" for product "Quicktime" and version "7.1.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.1.6 Search vendor "Apple" for product "Quicktime" and version "7.1.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.2.0 Search vendor "Apple" for product "Quicktime" and version "7.2.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.2.1 Search vendor "Apple" for product "Quicktime" and version "7.2.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.3.0 Search vendor "Apple" for product "Quicktime" and version "7.3.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.3.1 Search vendor "Apple" for product "Quicktime" and version "7.3.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.3.1.70 Search vendor "Apple" for product "Quicktime" and version "7.3.1.70" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.4.0 Search vendor "Apple" for product "Quicktime" and version "7.4.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.4.1 Search vendor "Apple" for product "Quicktime" and version "7.4.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.4.5 Search vendor "Apple" for product "Quicktime" and version "7.4.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.5.0 Search vendor "Apple" for product "Quicktime" and version "7.5.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.5.5 Search vendor "Apple" for product "Quicktime" and version "7.5.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.6.0 Search vendor "Apple" for product "Quicktime" and version "7.6.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.6.1 Search vendor "Apple" for product "Quicktime" and version "7.6.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.6.2 Search vendor "Apple" for product "Quicktime" and version "7.6.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.6.5 Search vendor "Apple" for product "Quicktime" and version "7.6.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.6.6 Search vendor "Apple" for product "Quicktime" and version "7.6.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.6.7 Search vendor "Apple" for product "Quicktime" and version "7.6.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.6.8 Search vendor "Apple" for product "Quicktime" and version "7.6.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.66.71.0 Search vendor "Apple" for product "Quicktime" and version "7.66.71.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.67.75.0 Search vendor "Apple" for product "Quicktime" and version "7.67.75.0" | - |
Affected
| ||||||