CVE-2011-3459
Apple Quicktime Dataref URI Buffer Remote Code Execution Vulnerability
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
Error de superación de límite (off-by-one) en QuickTime en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un átomo rdrf manipulado en un archivo de película que provoca un desbordamiento de búfer.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write will occur. If an aggressor can place the a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the applicaiton.
*Credits:
Luigi Auriemma
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-09-13 CVE Reserved
- 2012-02-02 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://support.apple.com/kb/HT5261 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | 2012-05-18 | |
| http://lists.apple.com/archives/security-announce/2012/May/msg00005.html | 2012-05-18 | |
| http://support.apple.com/kb/HT5130 | 2012-05-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.7.2 Search vendor "Apple" for product "Mac Os X" and version " <= 10.7.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.0 Search vendor "Apple" for product "Mac Os X" and version "10.6.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.1 Search vendor "Apple" for product "Mac Os X" and version "10.6.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.2 Search vendor "Apple" for product "Mac Os X" and version "10.6.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.3 Search vendor "Apple" for product "Mac Os X" and version "10.6.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.4 Search vendor "Apple" for product "Mac Os X" and version "10.6.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.5 Search vendor "Apple" for product "Mac Os X" and version "10.6.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.6 Search vendor "Apple" for product "Mac Os X" and version "10.6.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.7 Search vendor "Apple" for product "Mac Os X" and version "10.6.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.6.8 Search vendor "Apple" for product "Mac Os X" and version "10.6.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.7.0 Search vendor "Apple" for product "Mac Os X" and version "10.7.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.7.1 Search vendor "Apple" for product "Mac Os X" and version "10.7.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | <= 10.7.2 Search vendor "Apple" for product "Mac Os X Server" and version " <= 10.7.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.0 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.1 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.2 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.3 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.4 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.5 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.6 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.6" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.7 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.6.8 Search vendor "Apple" for product "Mac Os X Server" and version "10.6.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.7.0 Search vendor "Apple" for product "Mac Os X Server" and version "10.7.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.7.1 Search vendor "Apple" for product "Mac Os X Server" and version "10.7.1" | - |
Affected
| ||||||