Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-0211 (GCVE-0-2011-0211)
Vulnerability from cvelistv5
Published
2011-06-24 20:00
Modified
2024-08-06 21:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
References
| URL | Tags | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:15.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-06-23-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "APPLE-SA-2011-08-03-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-11T09:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-06-23-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "APPLE-SA-2011-08-03-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-0211",
"datePublished": "2011-06-24T20:00:00",
"dateReserved": "2010-12-23T00:00:00",
"dateUpdated": "2024-08-06T21:43:15.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2011-0211\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2011-06-24T20:55:02.560\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de entero en QuickTime en Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo de pel\u00edcula hecho a mano.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.7.0\",\"matchCriteriaId\":\"8AFCF47D-E5F5-487A-839B-E23159071140\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndExcluding\":\"10.6.8\",\"matchCriteriaId\":\"C49EABED-46D6-4AFC-A440-15B6A44D81E3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndExcluding\":\"10.6.8\",\"matchCriteriaId\":\"A890E117-79B8-434D-92DF-2CCF73469519\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndExcluding\":\"10.6.8\",\"matchCriteriaId\":\"C49EABED-46D6-4AFC-A440-15B6A44D81E3\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
ghsa-cjh7-46ch-hp83
Vulnerability from github
Published
2022-05-17 05:39
Modified
2022-05-17 05:39
VLAI Severity ?
Details
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
{
"affected": [],
"aliases": [
"CVE-2011-0211"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-06-24T20:55:00Z",
"severity": "MODERATE"
},
"details": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.",
"id": "GHSA-cjh7-46ch-hp83",
"modified": "2022-05-17T05:39:55Z",
"published": "2022-05-17T05:39:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0211"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4723"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTA-2011-AVI-369
Vulnerability from certfr_avis
De nombreuses vulnérabilités ont été corrigées dans Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.
Description
De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X, notamment :
- AirPort ;
- App Store ;
- Gestion des certificats ;
- ColorSync ;
- CoreFoundation ;
- CoreGraphics ;
- FTP Server ;
- ImageIO ;
- Kernel ;
- Libsystem ;
- Libxslt ;
- MobileMe ;
- MySQL ;
- OpenSSL ;
- QuickTime ;
- Samba ;
- Servermgrd ;
- Subversion.
Certaines vulnérabilités permettent l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X 10.5.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.6.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.5.8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X 10.6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X, notamment\u00a0:\n\n- AirPort\u00a0;\n- App Store\u00a0;\n- Gestion des certificats\u00a0;\n- ColorSync\u00a0;\n- CoreFoundation\u00a0;\n- CoreGraphics\u00a0;\n- FTP Server\u00a0;\n- ImageIO\u00a0;\n- Kernel\u00a0;\n- Libsystem\u00a0;\n- Libxslt\u00a0;\n- MobileMe\u00a0;\n- MySQL\u00a0;\n- OpenSSL\u00a0;\n- QuickTime\u00a0;\n- Samba\u00a0;\n- Servermgrd\u00a0;\n- Subversion.\n\nCertaines vuln\u00e9rabilit\u00e9s permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
},
{
"name": "CVE-2011-0200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
},
{
"name": "CVE-2011-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0208"
},
{
"name": "CVE-2010-4651",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4651"
},
{
"name": "CVE-2010-3835",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3835"
},
{
"name": "CVE-2011-0198",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0198"
},
{
"name": "CVE-2011-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0715"
},
{
"name": "CVE-2010-3837",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3837"
},
{
"name": "CVE-2010-3682",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3682"
},
{
"name": "CVE-2011-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0207"
},
{
"name": "CVE-2011-0202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
},
{
"name": "CVE-2011-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0196"
},
{
"name": "CVE-2010-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3677"
},
{
"name": "CVE-2011-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0197"
},
{
"name": "CVE-2011-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0210"
},
{
"name": "CVE-2011-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0209"
},
{
"name": "CVE-2011-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0203"
},
{
"name": "CVE-2011-0206",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
},
{
"name": "CVE-2011-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0719"
},
{
"name": "CVE-2010-3790",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
},
{
"name": "CVE-2010-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
},
{
"name": "CVE-2009-3245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
},
{
"name": "CVE-2010-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
},
{
"name": "CVE-2010-2632",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
},
{
"name": "CVE-2011-1132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1132"
},
{
"name": "CVE-2011-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0213"
},
{
"name": "CVE-2010-3838",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3838"
},
{
"name": "CVE-2011-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0212"
},
{
"name": "CVE-2011-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0205"
},
{
"name": "CVE-2010-3836",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3836"
},
{
"name": "CVE-2011-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
},
{
"name": "CVE-2011-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0199"
},
{
"name": "CVE-2010-3069",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
},
{
"name": "CVE-2011-0201",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
},
{
"name": "CVE-2010-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
},
{
"name": "CVE-2010-3833",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3833"
},
{
"name": "CVE-2011-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
},
{
"name": "CVE-2011-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0211"
},
{
"name": "CVE-2010-3834",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3834"
}
],
"initial_release_date": "2011-06-24T00:00:00",
"last_revision_date": "2011-06-24T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-369",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-06-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Leur\nexploitation permet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT4723 du 23 juin 2011",
"url": "http://docs.info.apple.com/article.html?artnum=HT4723"
}
]
}
CERTA-2011-AVI-429
Vulnerability from certfr_avis
De multiples vulnérabilités dans Apple QuickTime ont été corrigées.
Description
Plusieurs vulnérabilités dans Apple QuickTime permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.
Solution
La version 7.7 de Quicktime corrige ces problèmes.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QuickTime 7 sur MacOS X ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "QuickTime 7 sur Microsoft Windows ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "MacOS X 10.6.",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans Apple QuickTime permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nLa version 7.7 de Quicktime corrige ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0247",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0247"
},
{
"name": "CVE-2011-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
},
{
"name": "CVE-2011-0249",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0249"
},
{
"name": "CVE-2011-0248",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0248"
},
{
"name": "CVE-2011-0257",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0257"
},
{
"name": "CVE-2011-0250",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0250"
},
{
"name": "CVE-2011-0246",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0246"
},
{
"name": "CVE-2011-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0210"
},
{
"name": "CVE-2011-0186",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0186"
},
{
"name": "CVE-2011-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0209"
},
{
"name": "CVE-2011-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0245"
},
{
"name": "CVE-2011-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0213"
},
{
"name": "CVE-2011-0251",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0251"
},
{
"name": "CVE-2011-0256",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0256"
},
{
"name": "CVE-2011-0252",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0252"
},
{
"name": "CVE-2011-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0211"
}
],
"initial_release_date": "2011-08-04T00:00:00",
"last_revision_date": "2011-08-18T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-429",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-08-04T00:00:00.000000"
},
{
"description": "ajout de r\u00e9f\u00e9rences CVE.",
"revision_date": "2011-08-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT4826 du 03 ao\u00fbt 2011",
"url": "http://support.apple.com/kb/HT4826"
}
]
}
fkie_cve-2011-0211
Vulnerability from fkie_nvd
Published
2011-06-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | Mailing List, Patch, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4723 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4723 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFCF47D-E5F5-487A-839B-E23159071140",
"versionEndExcluding": "7.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C49EABED-46D6-4AFC-A440-15B6A44D81E3",
"versionEndExcluding": "10.6.8",
"versionStartIncluding": "10.6.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A890E117-79B8-434D-92DF-2CCF73469519",
"versionEndExcluding": "10.6.8",
"versionStartIncluding": "10.6.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C49EABED-46D6-4AFC-A440-15B6A44D81E3",
"versionEndExcluding": "10.6.8",
"versionStartIncluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
},
{
"lang": "es",
"value": "Desbordamiento de entero en QuickTime en Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo de pel\u00edcula hecho a mano."
}
],
"id": "CVE-2011-0211",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-24T20:55:02.560",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4723"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201106-0162
Vulnerability from variot
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime handles Apple Lossless Audio Codec streams. While parsing the sample description for the 'alac' codec an integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. When Quicktime writes to this buffer it causes a memory corruption that can lead to remote code execution under the context of the current user. Apple Mac OS X is prone to an integer-overflow vulnerability that occurs in QuickTime. Failed exploit attempts will likely result in denial-of-service conditions. The following versions are affected: Mac OS X 10.6 through v10.6.7 Mac OS X Server 10.6 through v10.6.7 NOTE: This issue was previously discussed in BID 48412 (Apple Mac OS X Prior to 10.6.8 Multiple Security Vulnerabilities) but has been given its own record to better document it. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0186 : Will Dormann of the CERT/CC
QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in QuickTime plug-in's handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross- site redirects. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0213 : Luigi Auriemma working with iDefense VCP
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0246 : an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. CVE-ID CVE-2011-0247 : Roi Mallo and Sherab Giovannini working with TippingPoint's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime ActiveX control's handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime 7.7 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/
For Mac OS X v10.5.8 The download file is named: "QuickTime77Leopard.dmg" Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355
For Windows 7 / Vista / XP SP3 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9
QuickTime is incorporated into Mac OS X v10.6 and later.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin)
iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0 OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7 95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU= =H+iO -----END PGP SIGNATURE----- . ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-230
June 29, 2011
-- CVE ID: CVE-2011-0211
-- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors: Apple
-- Affected Products: Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11428.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT4723
-- Disclosure Timeline: 2011-04-11 - Vulnerability reported to vendor 2011-06-29 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * Luigi Auriemma * Damian Put
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------
Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/
TITLE: Apple Mac OS X Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA45054
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45054
RELEASE DATE: 2011-06-25
DISCUSS ADVISORY: http://secunia.com/advisories/45054/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45054/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45054
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error within AirPort when handling Wi-Fi frames can be exploited to trigger an out-of-bounds memory access and cause a system reset.
2) An error within App Store may lead to a user's AppleID password being logged to a local file.
3) An unspecified error in the handling of embedded TrueType fonts in Apple Type Services (ATS) can be exploited to cause a heap-based buffer overflow when a specially crafted document is viewed or downloaded.
4) An error within Certificate Trust Policy when handling an Extended Validation (EV) certificate with no OCSP URL can be exploited to disclose certain sensitive information via Man-in-the-Middle (MitM) attacks.
7) An integer overflow error in CoreGraphics when handling PDF files containing Type 1 fonts can be exploited to cause a buffer overflow via a specially crafted PDF file.
8) A path validation error within xftpd can be exploited to perform a recursive directory listing and disclose the list of otherwise restricted files.
9) An error in ImageIO within the handling of TIFF files can be exploited to cause a heap-based buffer overflow.
10) An error in ImageIO within the handling of JPEG2000 files can be exploited to cause a heap-based buffer overflow.
11) An error within ICU (International Components for Unicode) when handling certain uppercase strings can be exploited to cause a buffer overflow.
12) A NULL pointer dereference error within the kernel when handling IPV6 socket options can be exploited to cause a system reset.
13) An error within Libsystem when using the glob(3) API can be exploited to cause a high CPU consumption.
14) An error within libxslt can be exploited to disclose certain addresses from the heap.
For more information see vulnerability #2 in: SA43832
15) An error exists within MobileMe when determining a user's email aliases. This can be exploited to disclose a user's MobileMe email aliases via Man-in-the-Middle (MitM) attacks.
16) Some vulnerabilities are caused due to a vulnerable bundled version of MySQL.
For more information: SA41048 SA41716
17) Some vulnerabilities are caused due to a vulnerable bundled version of OpenSSL.
For more information: SA37291 SA38807 SA42243 SA42473 SA43227
18) A vulnerability is caused due to a vulnerable bundled version of GNU patch.
For more information: SA43677
19) An unspecified error in QuickLook within the processing of Microsoft Office files can be exploited to corrupt memory, which may allow execution of arbitrary code.
25) Some vulnerabilities are caused due to a vulnerable bundled version of Samba.
For more information: SA41354 SA43512
26) An error in servermgrd when handling XML-RPC requests can be exploited to disclose arbitrary files from the local resources.
27) A vulnerability is caused due to a vulnerable bundled version of subversion.
For more information: SA43603
SOLUTION: Update to version 10.6.8 or apply Security Update 2011-004.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Paul Nelson 3) Marc Schoenefeld, Red Hat Security Response Team and Harry Sintonen 4) Chris Hawk and Wan-Teh Chang, Google 5) binaryproof via ZDI 6) Harry Sintonen 7) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 8) team karlkani 9) Dominic Chell, NGS Secure 10) Harry Sintonen 11) David Bienvenu, Mozilla 12) Thomas Clement, Intego 13) Maksymilian Arciemowicz 14) Chris Evans, Google Chrome Security Team 15) Aaron Sigel, vtty.com 19)Tobias Klein via iDefense 20, 22) Luigi Auriemma via ZDI 21) Honggang Ren, Fortinet's FortiGuard Labs 23) Subreption LLC via ZDI 24) Luigi Auriemma via iDefense
1, 26) Reported by the vendor
ORIGINAL ADVISORY: Apple Security Update 2011-004: http://support.apple.com/kb/HT4723
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201106-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "quicktime",
"scope": null,
"trust": 1.3,
"vendor": "apple",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6(1671)"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"db": "BID",
"id": "48420"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-316"
},
{
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi AuriemmaDamian Put",
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-230"
}
],
"trust": 0.7
},
"cve": "CVE-2011-0211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-0211",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-0211",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48156",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-0211",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-0211",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2011-0211",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201106-316",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48156",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"db": "VULHUB",
"id": "VHN-48156"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-316"
},
{
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Quicktime handles Apple Lossless Audio Codec streams. While parsing the sample description for the \u0027alac\u0027 codec an integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. When Quicktime writes to this buffer it causes a memory corruption that can lead to remote code execution under the context of the current user. Apple Mac OS X is prone to an integer-overflow vulnerability that occurs in QuickTime. Failed exploit attempts will likely result in denial-of-service conditions. \nThe following versions are affected:\nMac OS X 10.6 through v10.6.7\nMac OS X Server 10.6 through v10.6.7\nNOTE: This issue was previously discussed in BID 48412 (Apple Mac OS X Prior to 10.6.8 Multiple Security Vulnerabilities) but has been given its own record to better document it. Viewing a maliciously crafted pict file may lead to an\nunexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0186 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nWindows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of video data from another site\nDescription: A cross-origin issue existed in QuickTime plug-in\u0027s\nhandling of cross-site redirects. Visiting a maliciously crafted\nwebsite may lead to the disclosure of video data from another site. \nThis issue is addressed by preventing QuickTime from following cross-\nsite redirects. Playing a maliciously crafted WAV file may lead to an\nunexpected application termination or arbitrary code execution. Viewing a maliciously crafted JPEG file may lead to an\nunexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0213 : Luigi Auriemma working with iDefense VCP\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted GIF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in QuickTime\u0027s handling\nof GIF images. Viewing a maliciously crafted GIF image may lead to an\nunexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0246 : an anonymous contributor working with Beyond\nSecurity\u0027s SecuriTeam Secure Disclosure program\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted H.264 movie file may lead to\nan unexpected application termination or arbitrary code execution\nDescription: Multiple stack buffer overflows existed in the handling\nof H.264 encoded movie files. \nCVE-ID\nCVE-2011-0247 : Roi Mallo and Sherab Giovannini working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website using Internet\nExplorer may lead to an unexpected application termination or\narbitrary code execution\nDescription: A stack buffer overflow existed in the QuickTime\nActiveX control\u0027s handling of QTL files. Visiting a maliciously\ncrafted website using Internet Explorer may lead to an unexpected\napplication termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0252 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\n\nQuickTime 7.7 may be obtained from the Software Update\napplication, or from the QuickTime Downloads site:\nhttp://www.apple.com/quicktime/download/\n\nFor Mac OS X v10.5.8\nThe download file is named: \"QuickTime77Leopard.dmg\"\nIts SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355\n\nFor Windows 7 / Vista / XP SP3\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9\n\nQuickTime is incorporated into Mac OS X v10.6 and later. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (Darwin)\n\niQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0\nOrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto\nKFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf\nJ2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7\n95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg\ntrYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU=\n=H+iO\n-----END PGP SIGNATURE-----\n. ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability\n\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-230\n\nJune 29, 2011\n\n-- CVE ID:\nCVE-2011-0211\n\n-- CVSS:\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n-- Affected Vendors:\nApple\n\n-- Affected Products:\nApple Quicktime\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 11428. \n\n-- Vendor Response:\nApple has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://support.apple.com/kb/HT4723\n\n-- Disclosure Timeline:\n2011-04-11 - Vulnerability reported to vendor\n2011-06-29 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n * Luigi Auriemma\n * Damian Put\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\n\nFrost \u0026 Sullivan 2011 Report: Secunia Vulnerability Research\n\\\"Frost \u0026 Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\\\" This is just one of the key factors that influenced Frost \u0026 Sullivan to select Secunia over other companies. \nRead the report here:\nhttp://secunia.com/products/corporate/vim/fs_request_2011/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA45054\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45054/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054\n\nRELEASE DATE:\n2011-06-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45054/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45054/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error within AirPort when handling Wi-Fi frames can be\nexploited to trigger an out-of-bounds memory access and cause a\nsystem reset. \n\n2) An error within App Store may lead to a user\u0027s AppleID password\nbeing logged to a local file. \n\n3) An unspecified error in the handling of embedded TrueType fonts in\nApple Type Services (ATS) can be exploited to cause a heap-based\nbuffer overflow when a specially crafted document is viewed or\ndownloaded. \n\n4) An error within Certificate Trust Policy when handling an Extended\nValidation (EV) certificate with no OCSP URL can be exploited to\ndisclose certain sensitive information via Man-in-the-Middle (MitM)\nattacks. \n\n7) An integer overflow error in CoreGraphics when handling PDF files\ncontaining Type 1 fonts can be exploited to cause a buffer overflow\nvia a specially crafted PDF file. \n\n8) A path validation error within xftpd can be exploited to perform a\nrecursive directory listing and disclose the list of otherwise\nrestricted files. \n\n9) An error in ImageIO within the handling of TIFF files can be\nexploited to cause a heap-based buffer overflow. \n\n10) An error in ImageIO within the handling of JPEG2000 files can be\nexploited to cause a heap-based buffer overflow. \n\n11) An error within ICU (International Components for Unicode) when\nhandling certain uppercase strings can be exploited to cause a buffer\noverflow. \n\n12) A NULL pointer dereference error within the kernel when handling\nIPV6 socket options can be exploited to cause a system reset. \n\n13) An error within Libsystem when using the glob(3) API can be\nexploited to cause a high CPU consumption. \n\n14) An error within libxslt can be exploited to disclose certain\naddresses from the heap. \n\nFor more information see vulnerability #2 in:\nSA43832\n\n15) An error exists within MobileMe when determining a user\u0027s email\naliases. This can be exploited to disclose a user\u0027s MobileMe email\naliases via Man-in-the-Middle (MitM) attacks. \n\n16) Some vulnerabilities are caused due to a vulnerable bundled\nversion of MySQL. \n\nFor more information:\nSA41048\nSA41716\n\n17) Some vulnerabilities are caused due to a vulnerable bundled\nversion of OpenSSL. \n\nFor more information:\nSA37291\nSA38807\nSA42243\nSA42473\nSA43227\n\n18) A vulnerability is caused due to a vulnerable bundled version of\nGNU patch. \n\nFor more information:\nSA43677\n\n19) An unspecified error in QuickLook within the processing of\nMicrosoft Office files can be exploited to corrupt memory, which may\nallow execution of arbitrary code. \n\n25) Some vulnerabilities are caused due to a vulnerable bundled\nversion of Samba. \n\nFor more information:\nSA41354\nSA43512\n\n26) An error in servermgrd when handling XML-RPC requests can be\nexploited to disclose arbitrary files from the local resources. \n\n27) A vulnerability is caused due to a vulnerable bundled version of\nsubversion. \n\nFor more information:\nSA43603\n\nSOLUTION:\nUpdate to version 10.6.8 or apply Security Update 2011-004. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n2) Paul Nelson\n3) Marc Schoenefeld, Red Hat Security Response Team and Harry\nSintonen\n4) Chris Hawk and Wan-Teh Chang, Google\n5) binaryproof via ZDI\n6) Harry Sintonen\n7) Cristian Draghici, Modulo Consulting and Felix Grobert, Google\nSecurity Team\n8) team karlkani\n9) Dominic Chell, NGS Secure\n10) Harry Sintonen\n11) David Bienvenu, Mozilla\n12) Thomas Clement, Intego\n13) Maksymilian Arciemowicz\n14) Chris Evans, Google Chrome Security Team\n15) Aaron Sigel, vtty.com\n19)Tobias Klein via iDefense\n20, 22) Luigi Auriemma via ZDI\n21) Honggang Ren, Fortinet\u0027s FortiGuard Labs\n23) Subreption LLC via ZDI\n24) Luigi Auriemma via iDefense\n\n1, 26) Reported by the vendor\n\nORIGINAL ADVISORY:\nApple Security Update 2011-004:\nhttp://support.apple.com/kb/HT4723\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0211"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"db": "BID",
"id": "48420"
},
{
"db": "VULHUB",
"id": "VHN-48156"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102671"
},
{
"db": "PACKETSTORM",
"id": "102569"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-48156",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48156"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-0211",
"trust": 3.7
},
{
"db": "ZDI",
"id": "ZDI-11-230",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1140",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201106-316",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "45054",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2011-06-23-1",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17108",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17431",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17114",
"trust": 0.6
},
{
"db": "BID",
"id": "48420",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "102671",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-48156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "103730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102569",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"db": "VULHUB",
"id": "VHN-48156"
},
{
"db": "BID",
"id": "48420"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102671"
},
{
"db": "PACKETSTORM",
"id": "102569"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-316"
},
{
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"id": "VAR-201106-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48156"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:37:53.872000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4723",
"trust": 1.5,
"url": "http://support.apple.com/kb/HT4723"
},
{
"title": "HT4826",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4826"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48156"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://support.apple.com/kb/ht4723"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2011//aug/msg00000.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0211"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu976710"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu610235"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0211"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/45054"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17431"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17114"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17108"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-230/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0211"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0213"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0186"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0246"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0252"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0251"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-230"
},
{
"trust": 0.1,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/fs_request_2011/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45054/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45054/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"db": "VULHUB",
"id": "VHN-48156"
},
{
"db": "BID",
"id": "48420"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102671"
},
{
"db": "PACKETSTORM",
"id": "102569"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-316"
},
{
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"db": "VULHUB",
"id": "VHN-48156"
},
{
"db": "BID",
"id": "48420"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102671"
},
{
"db": "PACKETSTORM",
"id": "102569"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-316"
},
{
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"date": "2011-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-48156"
},
{
"date": "2011-06-23T00:00:00",
"db": "BID",
"id": "48420"
},
{
"date": "2011-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"date": "2011-08-04T23:11:35",
"db": "PACKETSTORM",
"id": "103730"
},
{
"date": "2011-06-30T05:36:01",
"db": "PACKETSTORM",
"id": "102671"
},
{
"date": "2011-06-24T11:18:16",
"db": "PACKETSTORM",
"id": "102569"
},
{
"date": "2011-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-316"
},
{
"date": "2011-06-24T20:55:02.560000",
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-11-230"
},
{
"date": "2011-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-48156"
},
{
"date": "2011-08-05T11:30:00",
"db": "BID",
"id": "48420"
},
{
"date": "2011-08-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001839"
},
{
"date": "2011-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-316"
},
{
"date": "2024-11-21T01:23:33.197000",
"db": "NVD",
"id": "CVE-2011-0211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "102671"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-316"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of QuickTime Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001839"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-316"
}
],
"trust": 0.6
}
}
gsd-2011-0211
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-0211",
"description": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.",
"id": "GSD-2011-0211"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-0211"
],
"details": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.",
"id": "GSD-2011-0211",
"modified": "2023-12-13T01:19:04.252957Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0211"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2011-08-11T02:48Z",
"publishedDate": "2011-06-24T20:55Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…