ID CVE-2013-0987
Summary Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.
References
Vulnerable Configurations
  • Apple Quicktime 7.7.3
    cpe:2.3:a:apple:quicktime:7.7.3
  • Apple Quicktime 7.7.2
    cpe:2.3:a:apple:quicktime:7.7.2
  • Apple Quicktime 7.7.1
    cpe:2.3:a:apple:quicktime:7.7.1
  • Apple Quicktime 7.7.0
    cpe:2.3:a:apple:quicktime:7.7.0
  • cpe:2.3:a:apple:quicktime:7.6.2
  • Apple Quicktime 7.6.7
    cpe:2.3:a:apple:quicktime:7.6.7
  • Apple Quicktime 7.6.5
    cpe:2.3:a:apple:quicktime:7.6.5
  • cpe:2.3:a:apple:quicktime:7.6.6
  • cpe:2.3:a:apple:quicktime:7.6.1
  • cpe:2.3:a:apple:quicktime:7.6.0
  • cpe:2.3:a:apple:quicktime:7.6.8
  • Apple Quicktime 7.6.9
    cpe:2.3:a:apple:quicktime:7.6.9
  • Apple Quicktime 7.5.5
    cpe:2.3:a:apple:quicktime:7.5.5
  • cpe:2.3:a:apple:quicktime:7.5.0
  • Apple Quicktime 7.4.5
    cpe:2.3:a:apple:quicktime:7.4.5
  • cpe:2.3:a:apple:quicktime:7.4.1
  • Apple Quicktime 7.4.0
    cpe:2.3:a:apple:quicktime:7.4.0
  • cpe:2.3:a:apple:quicktime:7.3.1
  • Apple Quicktime 7.3.0
    cpe:2.3:a:apple:quicktime:7.3.0
  • cpe:2.3:a:apple:quicktime:7.2.1
  • Apple Quicktime 7.2.0
    cpe:2.3:a:apple:quicktime:7.2.0
  • Apple Quicktime 7.1.6
    cpe:2.3:a:apple:quicktime:7.1.6
  • Apple Quicktime 7.1.5
    cpe:2.3:a:apple:quicktime:7.1.5
  • cpe:2.3:a:apple:quicktime:7.1.4
  • Apple Quicktime 7.1.3
    cpe:2.3:a:apple:quicktime:7.1.3
  • Apple Quicktime 7.1.2
    cpe:2.3:a:apple:quicktime:7.1.2
  • cpe:2.3:a:apple:quicktime:7.1.1
  • Apple Quicktime 7.1.0
    cpe:2.3:a:apple:quicktime:7.1.0
  • Apple Quicktime 7.0.4
    cpe:2.3:a:apple:quicktime:7.0.4
  • cpe:2.3:a:apple:quicktime:7.0.3
  • Apple Quicktime 7.0.2
    cpe:2.3:a:apple:quicktime:7.0.2
  • Apple Quicktime 7.0.1
    cpe:2.3:a:apple:quicktime:7.0.1
  • Apple Quicktime 7.0.0
    cpe:2.3:a:apple:quicktime:7.0.0
  • cpe:2.3:a:apple:quicktime:6.5.2
  • Apple Quicktime 6.5.1
    cpe:2.3:a:apple:quicktime:6.5.1
  • Apple Quicktime 6.5.0
    cpe:2.3:a:apple:quicktime:6.5.0
  • Apple Quicktime 6.5
    cpe:2.3:a:apple:quicktime:6.5
  • Apple Quicktime 6.4.0
    cpe:2.3:a:apple:quicktime:6.4.0
  • Apple Quicktime 6.3.0
    cpe:2.3:a:apple:quicktime:6.3.0
  • Apple Quicktime 6.2.0
    cpe:2.3:a:apple:quicktime:6.2.0
  • Apple Quicktime 6.1.1
    cpe:2.3:a:apple:quicktime:6.1.1
  • Apple Quicktime 6.1.0
    cpe:2.3:a:apple:quicktime:6.1.0
  • cpe:2.3:a:apple:quicktime:6.1
  • cpe:2.3:a:apple:quicktime:6.0.2
  • cpe:2.3:a:apple:quicktime:6.0.1
  • cpe:2.3:a:apple:quicktime:6.0.0
  • Apple Quicktime 6.0
    cpe:2.3:a:apple:quicktime:6.0
  • Apple Quicktime 5.0.2
    cpe:2.3:a:apple:quicktime:5.0.2
  • Apple Quicktime 5.0.1
    cpe:2.3:a:apple:quicktime:5.0.1
  • Apple Quicktime 5.0
    cpe:2.3:a:apple:quicktime:5.0
  • Apple Quicktime 4.1.2
    cpe:2.3:a:apple:quicktime:4.1.2
  • cpe:2.3:a:apple:quicktime:3.0
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
CVSS
Base: 9.3 (as of 24-05-2013 - 13:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_8_4.NASL
    description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components : - CFNetwork - CoreAnimation - CoreMedia Playback - CUPS - Disk Management - OpenSSL - QuickDraw Manager - QuickTime - SMB
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66808
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66808
    title Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2013-002.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied. This update contains numerous security-related fixes for the following components : - CoreMedia Playback (10.7 only) - Directory Service (10.6 only) - OpenSSL - QuickDraw Manager - QuickTime - Ruby (10.6 only) - SMB (10.7 only)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66809
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66809
    title Mac OS X Multiple Vulnerabilities (Security Update 2013-002)
  • NASL family Windows
    NASL id QUICKTIME_774.NASL
    description The version of QuickTime installed on the remote Windows host is older than 7.7.4. It is, therefore, reportedly affected by the following vulnerabilities:
      - Buffer overflow vulnerabilities exist in the handling of 'dref' atoms, 'enof' atoms, 'mvhd' atoms, FPX files, MP3 files, H.263 and H.264 encoded movie files, Sorenson encoded movie files, and JPEG encoded data. (CVE-2013-0986, CVE-2013-0988, CVE-2013-0989, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1021, CVE-2013-1022)
      - Memory corruption vulnerabilities exist in the handling of QTIF files, TeXML files, and JPEG encoded data. (CVE-2013-0987, CVE-2013-1015, CVE-2013-1020)
      Successful exploitation of these issues could result in program termination or arbitrary code execution, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 66636
    published 2013-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66636
    title QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)
oval via4
accepted 2013-07-29T04:00:47.862-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple QuickTime is installed
oval oval:org.mitre.oval:def:12443
description Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.
family windows
id oval:org.mitre.oval:def:16759
status accepted
submitted 2013-05-28T13:13:14.598-04:00
title Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file
version 6
refmap via4
apple
  • APPLE-SA-2013-05-22-1
  • APPLE-SA-2013-06-04-1
confirm
Last major update 02-11-2013 - 23:30
Published 24-05-2013 - 12:43
Last modified 18-09-2017 - 21:35