CVE-2012-3754 - Resource Management Errors vulnerability in Apple Quicktime
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | QUICKTIME_773.NASL |
description | The version of QuickTime installed on the remote Windows host is older than 7.7.3 and therefore is reportedly affected by the following vulnerabilities : - A buffer overflow exists in the handling of REGION records in PICT files. (CVE-2011-1374) - A memory corruption issue exists in the handling of PICT files. (CVE-2012-3757) - A use-after-free issue exists in the QuickTime plugin |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 62890 |
published | 2012-11-12 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/62890 |
title | QuickTime < 7.7.3 Multiple Vulnerabilities (Windows) |
code |
Oval
accepted | 2013-07-29T04:00:27.923-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
family | windows |
id | oval:org.mitre.oval:def:15986 |
status | accepted |
submitted | 2012-12-11T16:37:33.623-05:00 |
title | Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 |
version | 7 |
Seebug
bulletinFamily | exploit |
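description | BUGTRAQ ID: 56438 CVE ID: CVE-2011-1374,CVE-2012-3751,CVE-2012-3752,CVE-2012-3753,CVE-2012-3754,CVE-2012-3755,CVE-2012-3756,CVE-2012-3757,CVE-2012-3758 QuickTime is a multimedia framework developed by Apple Computer that can handle many digital video, media clip, sound, text, animation and music formats, as well as several types of interactive panoramic images. Versions of QuickTime before 7.7.3 contain multiple security vulnerabilities that, when specially crafted files are processed, allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. 1) A boundary error when processing PICT files can cause a buffer overflow and memory corruption. 2) A use-after-free vulnerability exists when processing the "_qtactivex_" parameter within an HTML object. 3) A boundary error exists when processing the transform attribute of the "text3GTrack" element; a specially crafted TeXML file can cause a buffer overflow. 4) A boundary error exists when processing certain MIME types within the plugin, which can cause a buffer overflow. 5) A use-after-free vulnerability exists in the ActiveX control when processing the "Clear()" method. 6) A boundary error exists when processing Targa files, which can cause a buffer overflow. 7) A boundary error exists when processing the "rnet" box of MP4 files, which can cause a buffer overflow. 0 Apple Quicktime 7.x Vendor patch: Apple ----- Apple has released a security advisory (HT5581) and corresponding patches for this issue: HT5581: About the security content of QuickTime 7.7.3 Link: http://support.apple.com/kb/HT5581 |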
id | SSV:60456 |
last seen | 2017-11-19 |
modified | 2012-11-09 |
published | 2012-11-09 |
reporter | Root |
title | Multiple arbitrary code execution vulnerabilities in Apple QuickTime before 7.7.3 |