Vulnerabilities > CVE-2012-0667 - Numeric Errors vulnerability in Apple Quicktime
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | QUICKTIME_772.NASL |
| description | The version of QuickTime installed on the remote Windows host is older than 7.7.2 and may be affected by the following vulnerabilities : - An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458) - An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459) - A stack-based buffer overflow exists in the QuickTime plugin |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 59113 |
| published | 2012-05-16 |
| reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/59113 |
| title | QuickTime < 7.7.2 Multiple Vulnerabilities (Windows) |
Oval
| accepted | 2013-07-29T04:00:24.534-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:15858 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-12-11T16:37:33.623-05:00 | ||||||||||||
| title | Integer signedness error in Apple QuickTime before 7.7.2 on Windows via a crafted QTVR movie file | ||||||||||||
| version | 7 |
Saint
| bid | 53583 |
| description | Apple QuickTime QTVRStringAtom stringLength Parameter QTVR Movie File Handling |
| id | misc_quicktime |
| osvdb | 81938 |
| title | quicktime_qtvr_integer_signedness |
| type | client |
Seebug
bulletinFamily exploit description BUGTRAQ ID: 53583 CVE ID: CVE-2012-0667 QuickTime是由苹果电脑所开发的一种多媒体架构,能够处理许多的数字视频、媒体段落、音效、文字、动画、音乐格式,以及交互式全景影像的数项类型。 Windows上的Apple QuickTime 7.7.2之前版本在处理特制的QTVR视频文件时存在整数签名错误,可允许远程攻击者执行任意代码或造成拒绝服务。 0 Apple QuickTime Player 7.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.apple.com/ id SSV:60137 last seen 2017-11-19 modified 2012-05-19 published 2012-05-19 reporter Root title Apple QuickTime 7.7.2之前版本QTVR文件远程代码执行漏洞 bulletinFamily exploit description BUGTRAQ ID: 53547 CVE ID: CVE-2012-0663,CVE-2012-0664,CVE-2012-0665,CVE-2012-0666,CVE-2012-0667,CVE-2012-0668,CVE-2012-0669,CVE-2012-0670,CVE-2012-0671,CVE-2012-0265 OS X Lion Server 内含一组应用软件,可将任意一台Mac 变成功能强大的服务器。Mac OS是一套运行于苹果的Macintosh系列电脑上的操作系统。 Windows 7、Vista、XP上的Apple QuickTime 7.7.2之前版本在处理特制文件的实现上存在多个安全漏洞,可允许远程攻击者以当前用户权限执行任意代码。 0 Apple QuickTime Player 7.x 厂商补丁: Apple ----- Apple已经为此发布了一个安全公告(APPLE-SA-2012-05-09-1)以及相应补丁: APPLE-SA-2012-05-09-1:OS X Lion v10.7.4 and Security Update 2012-002 id SSV:60131 last seen 2017-11-19 modified 2012-05-17 published 2012-05-17 reporter Root title Apple QuickTime 7.7.2之前版本多个远程任意代码执行漏洞