var-201110-0425
Vulnerability from variot
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity.
These issues affect OS X prior to 10.7.2. Apple Mac OS X is prone to an HTML-injection vulnerability that exists in the 'Save for Web' export feature.
An attacker can perform man-in-the-middle attacks to inject malicious script code in a template HTML file generated by the affected export feature. The injected script executes in the context of the local domain, when a victim views the generated template file locally.
NOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple has released updates to address these vulnerabilities.
I. Apple has released updates to address these vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
III. This advisory describes any known issues related to the updates and the specific impacts for each vulnerability. Administrators are encouraged to note these issues and impacts and test for any potentially adverse effects before wide-scale deployment.
IV. Please send email to cert@cert.org with "TA11-286A Feedback VU#421739" in the subject.
Produced 2011 by US-CERT, a government organization.
Revision History
October 13, 2011: Initial release
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
QuickTime 7.7.1 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents
Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML
Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. This issue is addressed by removing the reference to an online script.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of FlashPix files.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of FLIC files.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime's handling of movie files.
CVE-ID
CVE-2011-3228 : Apple

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of PICT files.
CVE-ID
CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in the handling of FLC encoded movie files.
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of JPEG2000 encoded movie files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of TKHD atoms in QuickTime movie files.
CVE-ID
CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime 7.7.1 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0425", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.0.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": 
"10.0.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.1.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.0.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.1.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.1.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.0.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "10.0.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.0.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.9" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.0" }, { "model": "mac os x", "scope": "eq", "trust": 
1.0, "vendor": "apple", "version": "10.1.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.0.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.11" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.6" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.9" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.5" 
}, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.9" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.8" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.8" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": 
"apple", "version": "10.4.10" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.9" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.3" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.6" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.7" }, { "model": "mac os x server", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.0" }, { "model": "mac os x 
server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.0.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.5" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.10" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.0.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.6" }, { "model": "mac os x 
server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.7" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.6" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.0.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.0" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1.4" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.4" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.2" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.2.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.1" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.7" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.11" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", 
"version": "10.3.1" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.6.6" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.4.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.3.3" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.5.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "quicktime", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7.7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "x10.7.2" }, { "model": "mac os server", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "x10.7.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "mac os server", "scope": "eq", 
"trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" } ], "sources": [ { "db": "BID", "id": "50085" }, { "db": "BID", "id": "50122" }, { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "CNNVD", "id": "CNNVD-201110-314" }, { "db": "NVD", "id": "CVE-2011-3218" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:quicktime", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002484" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous, Apple, Will Dormann of the CERT/CC, Steven Michaud of Mozilla, Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. 
Walker, Stephen Creswell, Erling Ellingsen of Facebook, Clint Tseng of the University of Washington, Michael\nKobb, Adam Kemp,", "sources": [ { "db": "BID", "id": "50085" } ], "trust": 0.3 }, "cve": "CVE-2011-3218", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CVE-2011-3218", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "VHN-51163", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3218", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2011-3218", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-201110-314", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-51163", "trust": 0.1, "value": 
"LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-51163" }, { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "CNNVD", "id": "CNNVD-201110-314" }, { "db": "NVD", "id": "CVE-2011-3218" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The \"Save for Web\" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. \nThe update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity. \nThese issues affect OS X prior to 10.7.2. Apple Mac OS X is prone to an HTML-injection vulnerability that exists in the \u0027Save for Web\u0027 export feature. \nAn attacker can perform man-in-the-middle attacks to inject malicious script code in a template HTML file generated by the affected export feature. The injected script executes in the context of the local domain, when a victim views the generated template file locally. \nNOTE: This issue was previously discussed in BID 50085 (Apple Mac OS X Prior to 10.7.2 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple has\n released updates to address these vulnerabilities. \n\n\nI. Apple has released updates to address these\n vulnerabilities. \n\n\nII. Impact\n\n A remote, unauthenticated attacker could execute arbitrary code,\n cause a denial of service, or gain unauthorized access to your\n files or system. \n\n\nIII. 
This advisory describes any known issues related to the\n updates and the specific impacts for each vulnerability. \n Administrators are encouraged to note these issues and impacts and\n test for any potentially adverse effects before wide-scale\n deployment. \n\n\nIV. Please send\n email to \u003ccert@cert.org\u003e with \"TA11-286A Feedback VU#421739\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2011 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n\n October 13, 2011: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBTpb8zj/GkGVXE7GMAQI21Af/SHWzIangqPW9vtuG/MQWSBMy9nG4wIZS\nDUEAWBEMPTKF3fLrIy6TVpRLN3q/q4dCYXzM4lec4IzKvEbV/bUyg15xEfYdxB0v\ns/vARGNwf7tjSbjo+PaHLuSZ1HLn/GLO3CXaf+ut/Kb8y9Fsir5klMgrCX/N0JkY\ndLoV9R6zGs1aQzmF9ULB1IQ2/lUkg6CGnyARh0prfhRFwKfu7NZXb8yz5ex68q6V\nNF6j9l+XK0Cl4K7R+0ESD4e47jLCg6iN175O8VzrlxiRvBRAyTaFycdMB4uSkmii\nxu8SqU2QFhsIJy8J+i1Bb6kuWkaxAnUbxO4tRrmXoqTXl9m0CtpnWA==\n=3Wp2\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-10-26-1 QuickTime 7.7.1\n\nQuickTime 7.7.1 is now available and addresses the following:\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nH.264 encoded movie files. 
\nCVE-ID\nCVE-2011-3219 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to the\ndisclosure of memory contents\nDescription: An uninitialized memory access issue existed in\nQuickTime\u0027s handling of URL data handlers within movie files. \nCVE-ID\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An implementation issue existed in QuickTime\u0027s handling\nof the atom hierarchy within a movie file. \nCVE-ID\nCVE-2011-3221 : an anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: An attacker in a privileged network position may inject\nscript in the local domain when viewing template HTML\nDescription: A cross-site scripting issue existed in QuickTime\nPlayer\u0027s \"Save for Web\" export. This issue is addressed by removing the reference to an\nonline script. \nCVE-ID\nCVE-2011-3218 : Aaron Sigel of vtty.com\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFlashPix files. \nCVE-ID\nCVE-2011-3222 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFLIC files. 
\nCVE-ID\nCVE-2011-3223 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in\nQuickTime\u0027s handling of movie files. \nCVE-ID\nCVE-2011-3228 : Apple\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted PICT file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in the handling of\nPICT files. \nCVE-ID\nCVE-2011-3247 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of font\ntables embedded in QuickTime movie files. \nCVE-ID\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue existed in the handling of FLC\nencoded movie files. \nCVE-ID\nCVE-2011-3249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in the handling of\nJPEG2000 encoded movie files. 
\nCVE-ID\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nTKHD atoms in QuickTime movie files. \nCVE-ID\nCVE-2011-3251 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\n\nQuickTime 7.7.1 may be obtained from the QuickTime Downloads site:\nhttp://www.apple.com/quicktime/download/\n\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-3218" }, { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "BID", "id": "50085" }, { "db": "BID", "id": "50122" }, { "db": "VULHUB", "id": "VHN-51163" }, { "db": "PACKETSTORM", "id": "105790" }, { "db": "PACKETSTORM", "id": "106335" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3218", "trust": 3.2 }, { "db": "BID", "id": "50122", "trust": 1.4 }, { "db": "BID", "id": "50085", "trust": 1.4 }, { "db": "OSVDB", "id": "76373", "trust": 1.1 }, { "db": "USCERT", "id": "TA11-286A", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2011-002484", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201110-314", "trust": 0.7 }, { "db": "NSFOCUS", "id": "18068", "trust": 0.6 }, { "db": "SECUNIA", "id": "46417", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2011-10-12-3", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-51163", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106335", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-51163" }, { "db": "BID", "id": "50085" }, { "db": "BID", "id": "50122" }, { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "PACKETSTORM", "id": "105790" }, { "db": "PACKETSTORM", "id": "106335" }, { "db": "CNNVD", "id": "CNNVD-201110-314" }, { "db": "NVD", "id": "CVE-2011-3218" } ] }, "id": "VAR-201110-0425", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-51163" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:47:37.194000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5002", "trust": 0.8, "url": "http://support.apple.com/kb/HT5002" }, { "title": "HT5016", "trust": 0.8, "url": "http://support.apple.com/kb/HT5016" }, { "title": "MacOSXUpd10.7.2", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40902" }, { "title": "MacOSXServerUpd10.7.2", "trust": 0.6, "url": 
"http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40901" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "CNNVD", "id": "CNNVD-201110-314" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-51163" }, { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "NVD", "id": "CVE-2011-3218" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht5002" }, { "trust": 1.4, "url": "http://support.apple.com/kb/ht5016" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/50085" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/50122" }, { "trust": 1.1, "url": "http://osvdb.org/76373" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3218" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu971123" }, { "trust": 0.8, "url": "https://jvn.jp/cert/jvnta11-286a" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3218" }, { "trust": 0.8, "url": "http://www.us-cert.gov/cas/techalerts/ta11-286a.html" }, { "trust": 0.6, "url": "http://www.apple.com/macosx/" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46417" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/18068" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta11-286a.html\u003e" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1338\u003e" }, { "trust": 0.1, "url": 
"http://support.apple.com/kb/ht5002\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3223" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3228" }, { "trust": 0.1, "url": "http://www.apple.com/quicktime/download/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3219" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3220" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3218" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3249" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3250" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3247" } ], "sources": [ { "db": "VULHUB", "id": "VHN-51163" }, { "db": "BID", "id": "50085" }, { "db": "BID", "id": "50122" }, { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "PACKETSTORM", "id": "105790" }, { "db": "PACKETSTORM", "id": "106335" }, { "db": "CNNVD", "id": "CNNVD-201110-314" }, { "db": "NVD", "id": "CVE-2011-3218" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-51163" }, { "db": "BID", "id": "50085" }, { "db": "BID", "id": "50122" }, { "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "db": "PACKETSTORM", "id": "105790" }, { "db": "PACKETSTORM", "id": "106335" }, { "db": "CNNVD", 
"id": "CNNVD-201110-314" }, { "db": "NVD", "id": "CVE-2011-3218" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-14T00:00:00", "db": "VULHUB", "id": "VHN-51163" }, { "date": "2011-10-12T00:00:00", "db": "BID", "id": "50085" }, { "date": "2011-10-12T00:00:00", "db": "BID", "id": "50122" }, { "date": "2011-10-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "date": "2011-10-14T05:50:20", "db": "PACKETSTORM", "id": "105790" }, { "date": "2011-10-28T21:11:08", "db": "PACKETSTORM", "id": "106335" }, { "date": "2011-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-314" }, { "date": "2011-10-14T10:55:08.760000", "db": "NVD", "id": "CVE-2011-3218" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-01-14T00:00:00", "db": "VULHUB", "id": "VHN-51163" }, { "date": "2011-10-12T00:00:00", "db": "BID", "id": "50085" }, { "date": "2011-10-12T00:00:00", "db": "BID", "id": "50122" }, { "date": "2011-12-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002484" }, { "date": "2011-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201110-314" }, { "date": "2024-11-21T01:30:00.387000", "db": "NVD", "id": "CVE-2011-3218" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "50085" }, { "db": "BID", "id": "50122" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple QuickTime Player Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002484" } ], 
"trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201110-314" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.