var-201211-0323
Vulnerability from variot
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA51226
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226
RELEASE DATE: 2012-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51226/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51226
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow.
2) An error when processing a PICT file can be exploited to corrupt memory.
3) A use-after-free error exists in the plugin when handling "qtactivex" parameters within an HTML object.
4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file.
5) Some errors when processing TeXML files can be exploited to cause a buffer overflows.
6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow.
7) A use-after-free error exists in the ActiveX control when handling "Clear()" method.
8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow.
9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow.
The vulnerabilities are reported in versions prior to 7.7.3.
SOLUTION: Update to version 7.7.3.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab
ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-11-07-1 QuickTime 7.7.3
QuickTime 7.7.3 is now available and addresses the following:
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR)
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of 'qtactivex' parameters within a HTML object element. This issue was addressed through improved memory handling. This issue was addressed through improved bounds checking. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. CVE-ID CVE-2012-3754 : CHkr_d591 working with iDefense VCP
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab
QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201211-0323",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.0"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4"
}
],
"sources": [
{
"db": "BID",
"id": "56557"
},
{
"db": "BID",
"id": "56438"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-176"
},
{
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arezou Hosseinzad-Amirkhizi from Vulnerability Research Team, TELUS Security Labs",
"sources": [
{
"db": "BID",
"id": "56557"
}
],
"trust": 0.3
},
"cve": "CVE-2012-3752",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-3752",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-57033",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3752",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-3752",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201211-176",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-57033",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2012-3752",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57033"
},
{
"db": "VULMON",
"id": "CVE-2012-3752"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-176"
},
{
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. \nThese issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. \nVersions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. \nThis BID is being retired. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51226\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51226/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51226\n\nRELEASE DATE:\n2012-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51226/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51226/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51226\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple QuickTime, which\ncan be exploited by malicious people to compromise a user\u0027s system. \n\n1) A boundary error when processing a PICT file can be exploited to\ncause a buffer overflow. \n\n2) An error when processing a PICT file can be exploited to corrupt\nmemory. \n\n3) A use-after-free error exists in the plugin when handling\n\"_qtactivex_\" parameters within an HTML object. \n\n4) A boundary error when handling the transform attribute of\n\"text3GTrack\" elements can be exploited to cause a buffer overflow\nvia a specially crafted TeXML file. \n\n5) Some errors when processing TeXML files can be exploited to cause\na buffer overflows. \n\n6) A boundary error when handling certain MIME types within a plugin\ncan be exploited to cause a buffer overflow. \n\n7) A use-after-free error exists in the ActiveX control when handling\n\"Clear()\" method. \n\n8) A boundary error when processing a Targa file can be exploited to\ncause a buffer overflow. \n\n9) A boundary error when processing the \"rnet\" box within MP4 files\ncan be exploited to cause a buffer overflow. \n\nThe vulnerabilities are reported in versions prior to 7.7.3. \n\nSOLUTION:\nUpdate to version 7.7.3. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Mark Yason, IBM X-Force\n2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research\n(MSVR)\n3, 7) chkr_d591 via iDefense VCP\n4) Alexander Gavrun via ZDI\n5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS\nSecurity Labs\n6) Pavel Polischouk, Vulnerability Research Team, TELUS Security\nLabs\n8) Senator of Pirates\n9) Kevin Szkudlapski, QuarksLab\n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT5581\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-11-07-1 QuickTime 7.7.3\n\nQuickTime 7.7.3 is now available and addresses the following:\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted PICT file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of REGION\nrecords in PICT files. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2011-1374 : Mark Yason of the IBM X-Force\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted PICT file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nPICT files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability\nResearch (MSVR)\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A use after free issue existed in the QuickTime\nplugin\u0027s handling of \u0027_qtactivex_\u0027 parameters within a HTML object\nelement. This issue was addressed through improved memory handling. This issue was addressed\nthrough improved bounds checking. These issues were addressed\nthrough improved bounds checking. \nCVE-ID\nCVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research\nTeam, TELUS Security Labs\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the QuickTime plugin\u0027s\nhandling of MIME types. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS\nSecurity Labs\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A use after free issue existed in the QuickTime ActiveX\ncontrol\u0027s handling of the Clear() method. This issue was addressed\nthrough improved memory management. \nCVE-ID\nCVE-2012-3754 : CHkr_d591 working with iDefense VCP\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted Targa file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of Targa\nimage files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2012-3755 : Senator of Pirates\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027rnet\u0027\nboxes in MP4 files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2012-3756 : Kevin Szkudlapski of QuarksLab\n\n\nQuickTime 7.7.3 may be obtained from the QuickTime Downloads site:\nhttp://www.apple.com/quicktime/download/\n\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98\nJFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW\nYW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d\nHysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp\nTNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW\nKK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa\n7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt\nTJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym\nZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu\nRCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64\nI8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX\nHhmkaRhwV4stZsLFzwIW\n=nV8Y\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3752"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"db": "BID",
"id": "56557"
},
{
"db": "BID",
"id": "56438"
},
{
"db": "VULHUB",
"id": "VHN-57033"
},
{
"db": "VULMON",
"id": "CVE-2012-3752"
},
{
"db": "PACKETSTORM",
"id": "117990"
},
{
"db": "PACKETSTORM",
"id": "117977"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-57033",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=22905",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57033"
},
{
"db": "VULMON",
"id": "CVE-2012-3752"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3752",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "51226",
"trust": 1.9
},
{
"db": "BID",
"id": "56557",
"trust": 1.5
},
{
"db": "PACKETSTORM",
"id": "118359",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU91379555",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201211-176",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2012-11-07-1",
"trust": 0.6
},
{
"db": "BID",
"id": "56438",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "22905",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-76698",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-57033",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-3752",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117990",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117977",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57033"
},
{
"db": "VULMON",
"id": "CVE-2012-3752"
},
{
"db": "BID",
"id": "56557"
},
{
"db": "BID",
"id": "56438"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"db": "PACKETSTORM",
"id": "117990"
},
{
"db": "PACKETSTORM",
"id": "117977"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-176"
},
{
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"id": "VAR-201211-0323",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-57033"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:41:14.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2012-11-07-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html"
},
{
"title": "HT5581",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5581"
},
{
"title": "HT5581",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5581?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57033"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://support.apple.com/kb/ht5581"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2012/nov/msg00002.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/51226"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/56557"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/118359/apple-quicktime-7.7.2-texml-style-element-font-table-field-stack-buffer-overflow.html"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16121"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79899"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3752"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91379555/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3752"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/22905/"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/windows/browser/apple_quicktime_texml_font_table"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=27384"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51226"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51226/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51226/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3756"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3752"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3755"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3754"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1374"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3751"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57033"
},
{
"db": "VULMON",
"id": "CVE-2012-3752"
},
{
"db": "BID",
"id": "56557"
},
{
"db": "BID",
"id": "56438"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"db": "PACKETSTORM",
"id": "117990"
},
{
"db": "PACKETSTORM",
"id": "117977"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-176"
},
{
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-57033"
},
{
"db": "VULMON",
"id": "CVE-2012-3752"
},
{
"db": "BID",
"id": "56557"
},
{
"db": "BID",
"id": "56438"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"db": "PACKETSTORM",
"id": "117990"
},
{
"db": "PACKETSTORM",
"id": "117977"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-176"
},
{
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-57033"
},
{
"date": "2012-11-09T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3752"
},
{
"date": "2012-11-07T00:00:00",
"db": "BID",
"id": "56557"
},
{
"date": "2012-11-07T00:00:00",
"db": "BID",
"id": "56438"
},
{
"date": "2012-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"date": "2012-11-09T07:09:28",
"db": "PACKETSTORM",
"id": "117990"
},
{
"date": "2012-11-08T23:46:07",
"db": "PACKETSTORM",
"id": "117977"
},
{
"date": "2012-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-176"
},
{
"date": "2012-11-09T19:55:01.380000",
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-57033"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3752"
},
{
"date": "2012-11-07T00:00:00",
"db": "BID",
"id": "56557"
},
{
"date": "2012-11-07T00:00:00",
"db": "BID",
"id": "56438"
},
{
"date": "2012-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005298"
},
{
"date": "2012-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-176"
},
{
"date": "2024-11-21T01:41:36.073000",
"db": "NVD",
"id": "CVE-2012-3752"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "56557"
},
{
"db": "BID",
"id": "56438"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005298"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-176"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.