ID CVE-2011-0257
Summary Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
References
Vulnerable Configurations
  • Apple Quicktime 7.6.9
    cpe:2.3:a:apple:quicktime:7.6.9
  • Apple Quicktime 7.6.1
    cpe:2.3:a:apple:quicktime:7.6.1
  • cpe:2.3:a:apple:quicktime:7.6.0
  • cpe:2.3:a:apple:quicktime:7.6.7
  • cpe:2.3:a:apple:quicktime:7.6.2
  • Apple Quicktime 7.6.8
    cpe:2.3:a:apple:quicktime:7.6.8
  • cpe:2.3:a:apple:quicktime:7.6.5
  • cpe:2.3:a:apple:quicktime:7.6.6
  • Apple Quicktime 7.67.75.0
    cpe:2.3:a:apple:quicktime:7.67.75.0
  • Apple QuickTime 7.66.71.0
    cpe:2.3:a:apple:quicktime:7.66.71.0
  • Apple Quicktime 7.5.5
    cpe:2.3:a:apple:quicktime:7.5.5
  • cpe:2.3:a:apple:quicktime:7.5.0
  • cpe:2.3:a:apple:quicktime:7.4.0
  • cpe:2.3:a:apple:quicktime:7.4.1
  • cpe:2.3:a:apple:quicktime:7.4.5
  • cpe:2.3:a:apple:quicktime:7.3.0
  • Apple Quicktime 7.3.1
    cpe:2.3:a:apple:quicktime:7.3.1
  • Apple Quicktime 7.3.1.70
    cpe:2.3:a:apple:quicktime:7.3.1.70
  • Apple Quicktime 7.2.0
    cpe:2.3:a:apple:quicktime:7.2.0
  • cpe:2.3:a:apple:quicktime:7.2.1
  • cpe:2.3:a:apple:quicktime:7.1.0
  • cpe:2.3:a:apple:quicktime:7.1.1
  • Apple Quicktime 7.1.2
    cpe:2.3:a:apple:quicktime:7.1.2
  • cpe:2.3:a:apple:quicktime:7.1.3
  • Apple Quicktime 7.1.4
    cpe:2.3:a:apple:quicktime:7.1.4
  • cpe:2.3:a:apple:quicktime:7.1.5
  • Apple Quicktime 7.1.6
    cpe:2.3:a:apple:quicktime:7.1.6
  • cpe:2.3:a:apple:quicktime:7.0.0
  • Apple Quicktime 7.0.1
    cpe:2.3:a:apple:quicktime:7.0.1
  • Apple Quicktime 7.0.2
    cpe:2.3:a:apple:quicktime:7.0.2
  • Apple Quicktime 7.0.3
    cpe:2.3:a:apple:quicktime:7.0.3
  • Apple Quicktime 7.0.4
    cpe:2.3:a:apple:quicktime:7.0.4
CVSS
Base: 9.3 (as of 16-08-2011 - 11:05)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
    Vector NETWORK
    Complexity MEDIUM
    Authentication NONE
Impact
    Confidentiality COMPLETE
    Integrity COMPLETE
    Availability COMPLETE
exploit-db via4
description Apple QuickTime PICT PnSize Buffer Overflow. CVE-2011-0257. Local exploit for windows platform
file exploits/windows/local/17777.rb
id EDB-ID:17777
last seen 2016-02-02
modified 2011-09-03
platform windows
port
published 2011-09-03
reporter metasploit
source https://www.exploit-db.com/download/17777/
title Apple QuickTime PICT PnSize Buffer Overflow
type local
metasploit via4
description This module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
id MSF:EXPLOIT/WINDOWS/FILEFORMAT/APPLE_QUICKTIME_PNSIZE
last seen 2018-10-08
modified 2017-07-24
published 2011-09-03
reliability Good
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb
title Apple QuickTime PICT PnSize Buffer Overflow
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_QUICKTIME77.NASL
    description The version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities:
      - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245)
      - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186)
      - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187)
      - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209)
      - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210)
      - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211)
      - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213)
      - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249)
      - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250)
      - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251)
      - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252)
      - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257)
      - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 55763
    published 2011-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55763
    title QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id QUICKTIME_77.NASL
    description The version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities:
      - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245)
      - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186)
      - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187)
      - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209)
      - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210)
      - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211)
      - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213)
      - A heap-based buffer overflow in QuickTime's handling of GIF files may lead to an application crash or arbitrary code execution. (CVE-2011-0246)
      - Multiple stack-based buffer overflows in QuickTime's handling of H.264 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0247)
      - A stack-based buffer overflow in the QuickTime ActiveX's handling of QTL files may lead to an application crash or arbitrary code execution. (CVE-2011-0248)
      - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249)
      - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250)
      - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251)
      - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252)
      - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257)
      - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256)
      - Memory corruption in Quicktime's handling of mp4v codec information. (CVE-2011-0258)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 55764
    published 2011-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55764
    title QuickTime < 7.7 Multiple Vulnerabilities (Windows)
oval via4
accepted 2013-07-29T04:00:29.942-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple QuickTime is installed
oval oval:org.mitre.oval:def:12443
description Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
family windows
id oval:org.mitre.oval:def:16059
status accepted
submitted 2012-12-11T16:37:33.623-05:00
title Integer signedness error in Apple QuickTime before 7.7 via a crafted PnSize opcode in a PICT file
version 7
packetstorm via4
refmap via4
confirm http://support.apple.com/kb/HT4826
exploit-db 17777
misc http://zerodayinitiative.com/advisories/ZDI-11-252/
sreason 8365
saint via4
bid 49144
description QuickTime PICT PnSize Stack Overflow
id misc_quicktime
osvdb 74687
title quicktime_pict_pnsize
type client
Last major update 02-11-2013 - 23:09
Published 15-08-2011 - 17:55
Last modified 18-09-2017 - 21:31