// For flags

CVE-2011-3459

Apple Quicktime Dataref URI Buffer Remote Code Execution Vulnerability

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.

Error de superación de límite (off-by-one) en QuickTime en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un átomo rdrf manipulado en un archivo de película que provoca un desbordamiento de búfer.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write will occur. If an aggressor can place the a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the applicaiton.

*Credits: Luigi Auriemma
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-09-13 CVE Reserved
  • 2012-02-02 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-11-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
<= 10.7.2
Search vendor "Apple" for product "Mac Os X" and version " <= 10.7.2"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.0
Search vendor "Apple" for product "Mac Os X" and version "10.6.0"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.1
Search vendor "Apple" for product "Mac Os X" and version "10.6.1"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.2
Search vendor "Apple" for product "Mac Os X" and version "10.6.2"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.3
Search vendor "Apple" for product "Mac Os X" and version "10.6.3"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.4
Search vendor "Apple" for product "Mac Os X" and version "10.6.4"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.5
Search vendor "Apple" for product "Mac Os X" and version "10.6.5"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.6
Search vendor "Apple" for product "Mac Os X" and version "10.6.6"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.7
Search vendor "Apple" for product "Mac Os X" and version "10.6.7"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.6.8
Search vendor "Apple" for product "Mac Os X" and version "10.6.8"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.7.0
Search vendor "Apple" for product "Mac Os X" and version "10.7.0"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.7.1
Search vendor "Apple" for product "Mac Os X" and version "10.7.1"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
<= 10.7.2
Search vendor "Apple" for product "Mac Os X Server" and version " <= 10.7.2"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.0
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.0"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.1
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.1"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.2
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.2"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.3
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.3"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.4
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.4"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.5
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.5"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.6
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.6"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.7
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.7"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.6.8
Search vendor "Apple" for product "Mac Os X Server" and version "10.6.8"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.7.0
Search vendor "Apple" for product "Mac Os X Server" and version "10.7.0"
-
Affected
Apple
Search vendor "Apple"
Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
10.7.1
Search vendor "Apple" for product "Mac Os X Server" and version "10.7.1"
-
Affected