ID CVE-2011-0209
Summary Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.
References
Vulnerable Configurations
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.5
    cpe:2.3:o:apple:mac_os_x:10.6.5
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.6
    cpe:2.3:o:apple:mac_os_x:10.6.6
  • Apple Mac OS X 10.6.7
    cpe:2.3:o:apple:mac_os_x:10.6.7
  • cpe:2.3:a:apple:quicktime
  • Apple Mac OS X Server 10.6.4
    cpe:2.3:o:apple:mac_os_x_server:10.6.4
  • Apple Mac OS X Server 10.6.2
    cpe:2.3:o:apple:mac_os_x_server:10.6.2
  • Apple Mac OS X Server 10.6.3
    cpe:2.3:o:apple:mac_os_x_server:10.6.3
  • Apple Mac OS X Server 10.6.0
    cpe:2.3:o:apple:mac_os_x_server:10.6.0
  • Apple Mac OS X Server 10.6.5
    cpe:2.3:o:apple:mac_os_x_server:10.6.5
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.6.6
    cpe:2.3:o:apple:mac_os_x_server:10.6.6
  • Apple Mac OS X Server 10.6.7
    cpe:2.3:o:apple:mac_os_x_server:10.6.7
  • cpe:2.3:a:apple:quicktime
CVSS
Base: 6.8 (as of 27-06-2011 - 10:16)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_QUICKTIME77.NASL
    description The version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245) - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186) - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187) - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209) - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210) - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211) - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213) - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249) - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250) - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251) - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252) - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257) - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 55763
    published 2011-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55763
    title QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id QUICKTIME_77.NASL
    description The version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245) - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186) - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187) - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209) - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210) - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211) - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213) - A heap-based buffer overflow in QuickTime's handling of GIF files may lead to an application crash or arbitrary code execution. (CVE-2011-0246) - Multiple stack-based buffer overflows in QuickTime's handling of H.264 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0247) - A stack-based buffer overflow in the QuickTime ActiveX's handling of QTL files may lead to an application crash or arbitrary code execution. (CVE-2011-0248) - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249) - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250) - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251) - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252) - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257) - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256) - Memory corruption in Quicktime's handling of mp4v codec information. (CVE-2011-0258)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 55764
    published 2011-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55764
    title QuickTime < 7.7 Multiple Vulnerabilities (Windows)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_8.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components : - App Store - ATS - Certificate Trust Policy - CoreFoundation - CoreGraphics - FTP Server - ImageIO - International Components for Unicode - Kernel - Libsystem - libxslt - MobileMe - MySQL - OpenSSL - patch - QuickLook - QuickTime - Samba - servermgrd - subversion
    last seen 2019-02-21
    modified 2018-08-22
    plugin id 55416
    published 2011-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55416
    title Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities
refmap via4
apple
  • APPLE-SA-2011-06-23-1
  • APPLE-SA-2011-08-03-1
confirm http://support.apple.com/kb/HT4723
Last major update 10-08-2011 - 22:48
Published 24-06-2011 - 16:55
Back to Top