CVE-2011-3459
Apple Quicktime Dataref URI Buffer Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw occurs when parsing a movie file containing multiple atoms with different string lengths. When resizing a buffer to make space for the string, the application fails to include room for the null terminator. When the application then attempts to null-terminate the string, an out-of-bounds write occurs. If an attacker can place a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the application.
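The resize flaw described above, reduced to a minimal C sketch beside a hardened form. This is an added example, not QuickTime's code; `struct strbuf`, `flawed_resize`, `set_string` and the sample strings are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for a string that is replaced as each atom is parsed. */
struct strbuf { char *data; size_t cap; };

/* Flawed pattern: the buffer grows to len bytes, leaving no room for '\0'.
 * Returns the terminator index (== cap after a grow); the write is omitted. */
static size_t flawed_resize(struct strbuf *b, size_t len) {
    if (len > b->cap) {
        char *p = realloc(b->data, len);      /* BUG: should be len + 1 */
        if (!p) return SIZE_MAX;
        b->data = p;
        b->cap = len;
    }
    return len;
}

/* Hardened form: bound len by the bytes left in the atom, reserve the
 * terminator byte, and only then copy and terminate. Returns 0 or -1. */
static int set_string(struct strbuf *b, const uint8_t *src, size_t len,
                      size_t atom_remaining) {
    if (len > atom_remaining || len == SIZE_MAX) return -1;
    size_t need = len + 1;
    if (need > b->cap) {
        char *p = realloc(b->data, need);
        if (!p) return -1;
        b->data = p;
        b->cap = need;
    }
    if (len) memcpy(b->data, src, len);
    b->data[len] = '\0';                      /* index len < cap always */
    return 0;
}

int main(void) {
    struct strbuf f = {0, 0}, s = {0, 0};
    /* Constructed input: a short string, then a longer one. */
    flawed_resize(&f, 5);
    size_t idx = flawed_resize(&f, 12);
    printf("flawed: terminator index %zu, capacity %zu\n", idx, f.cap);
    set_string(&s, (const uint8_t *)"short", 5, 5);
    set_string(&s, (const uint8_t *)"a-longer-uri", 12, 12);
    printf("hardened: \"%s\", capacity %zu\n", s.data, s.cap);
    free(f.data); free(s.data);
    return 0;
}
```

In the flawed path the terminator index equals the capacity whenever a longer string forces a grow, which is the one-byte out-of-bounds write; the hardened path keeps the index strictly below the capacity.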
Timeline
- 2011-09-13 CVE Reserved
- 2012-02-02 CVE Published
- 2024-04-16 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-189: Numeric Errors
References (4)
URL | Tag | Source |
---|---|---|
http://support.apple.com/kb/HT5261 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | 2012-05-18 | |
http://lists.apple.com/archives/security-announce/2012/May/msg00005.html | 2012-05-18 | |
http://support.apple.com/kb/HT5130 | 2012-05-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Mac Os X | <= 10.7.2 | - | Affected |
Apple | Mac Os X | 10.6.0 | - | Affected |
Apple | Mac Os X | 10.6.1 | - | Affected |
Apple | Mac Os X | 10.6.2 | - | Affected |
Apple | Mac Os X | 10.6.3 | - | Affected |
Apple | Mac Os X | 10.6.4 | - | Affected |
Apple | Mac Os X | 10.6.5 | - | Affected |
Apple | Mac Os X | 10.6.6 | - | Affected |
Apple | Mac Os X | 10.6.7 | - | Affected |
Apple | Mac Os X | 10.6.8 | - | Affected |
Apple | Mac Os X | 10.7.0 | - | Affected |
Apple | Mac Os X | 10.7.1 | - | Affected |
Apple | Mac Os X Server | <= 10.7.2 | - | Affected |
Apple | Mac Os X Server | 10.6.0 | - | Affected |
Apple | Mac Os X Server | 10.6.1 | - | Affected |
Apple | Mac Os X Server | 10.6.2 | - | Affected |
Apple | Mac Os X Server | 10.6.3 | - | Affected |
Apple | Mac Os X Server | 10.6.4 | - | Affected |
Apple | Mac Os X Server | 10.6.5 | - | Affected |
Apple | Mac Os X Server | 10.6.6 | - | Affected |
Apple | Mac Os X Server | 10.6.7 | - | Affected |
Apple | Mac Os X Server | 10.6.8 | - | Affected |
Apple | Mac Os X Server | 10.7.0 | - | Affected |
Apple | Mac Os X Server | 10.7.1 | - | Affected |