var-201305-0260
Vulnerability from variot
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Apple QuickTime handles textBox elements within a TeXML file. Specifically, the code within QuickTime.qts does not properly validate the coordinate values of the x and y attributes. By providing specially crafted coordinate values, the code can be made to write data ahead of a buffer, leading to memory corruption. Apple QuickTime is prone to a memory-corruption vulnerability. Versions prior to QuickTime 7.7.4 are vulnerable on Windows 7, Vista, and XP. Note: This issue was previously discussed in BID 60086 (Apple QuickTime Prior To 7.7.4 Multiple Arbitrary Code Execution Vulnerabilities), but has been moved to its own record for better documentation. The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
QuickTime 7.7.4 is now available and addresses the following:
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of TeXML files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1015 : Aniway.Anyway@gmail.com working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of H.263 encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1016 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1017 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of JPEG encoded data. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1020 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0987 : roob working with iDefense VCP
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG encoded data. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1021 : Mil3s beep working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer underflow existed in the handling of 'mvhd' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
QuickTime 7.7.4 may be obtained from the QuickTime Downloads site: http://support.apple.com/downloads/
The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 50395ed3c9ac1f8104e0ad18c99a14c03755d060
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRnRFuAAoJEPefwLHPlZEwxAUP/17v2uoUVcz8EqTDyfX5Hntm uAORsTKZ14ZKIN16pNjWNyUMHJSdgOB7DJVbr8ZtaNg4zN2nrZ+tBbAi233uhbe0 1CGwkOkL4bi5JR3btZ7AxORETKMLgwATwahVJZLfRcZp9IMhiIZ5JIP/rmdgH2IL 52/dRRsWrg3Guk36EAqzznelTSeVLP2cQMw9d0ukvsz9jOIMpOJ7FXmv/7K0003c 2m6OtuScfy4Q+BIqql13kZ94cAILPUovIz2L900ry9AQVTbdwwggQ5Tgnf1lqUYy xBnAVFsS/WWwEN4MyNbkdvsQEUc04vBgTN8dIfGUV4M/MLIRzY9TX+uamxoU/FRA cfPSGlcQi21poOJ6a9bzVfPBkmPaz4P0M3VplSbAJAqYpALsMVH332mjd2m1o5pL 5VE8EUGcmHIa1jgdrsiWzYThzJIE+KCY6iW/PemC2DzcNz0uJUChPC/ao9UWPLII 05F0xVO4mGa+UClgX5o5OLvOFecX6redFjXuQk/QVzzDP95GIyAybLjQYeuFVpgD 1KGgF0CYjYuk19hZh+HcfZ9j7RIUOrVdCVFIH0+v+IZwRsAh+6NamvdRWTaI5fjg PiQs1l+8IirII5xrikS6TanUewzdpIyK+pHBtz/OwneLKm79vSYdMLZDQU6deeoN X0HHvIjtkT16kuhL1yMx =lnE0 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.4 (windows)"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"db": "BID",
"id": "60110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
},
{
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aniway.Anyway@gmail.com working with HP\u0027s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "60110"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
}
],
"trust": 0.9
},
"cve": "CVE-2013-1015",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-1015",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-1015",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-61017",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-1015",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-1015",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2013-1015",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201305-518",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-61017",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"db": "VULHUB",
"id": "VHN-61017"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
},
{
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Apple QuickTime handles textBox elements within a TeXML file. Specifically, the code within QuickTime.qts does not properly validate the coordinate values of the x and y attributes. By providing specially crafted coordinate values, the code can be made to write data ahead of a buffer, leading to memory corruption. Apple QuickTime is prone to a memory-corruption vulnerability. \nVersions prior to QuickTime 7.7.4 are vulnerable on Windows 7, Vista, and XP. \nNote: This issue was previously discussed in BID 60086 (Apple QuickTime Prior To 7.7.4 Multiple Arbitrary Code Execution Vulnerabilities), but has been moved to its own record for better documentation. The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-05-22-1 QuickTime 7.7.4\n\nQuickTime 7.7.4 is now available and addresses the following:\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Opening a maliciously crafted TeXML file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nTeXML files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1015 : Aniway.Anyway@gmail.com working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of H.263\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1016 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027dref\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-1017 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of H.264\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1018 : G. Geshev working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted MP3 file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of MP3 files. \nThis issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-0989 : G. Geshev working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of Sorenson\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1019 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nJPEG encoded data. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1020 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted QTIF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nQTIF files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-0987 : roob working with iDefense VCP\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Opening a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG\nencoded data. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1021 : Mil3s beep working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027enof\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-0986 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted FPX file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of FPX files. \nThis issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-0988 : G. Geshev working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer underflow existed in the handling of \u0027mvhd\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2013-1022 : Andrea Micalizzi aka rgod working with HP\u0027s Zero Day\nInitiative\n\nQuickTime 7.7.4 may be obtained from the QuickTime Downloads site:\nhttp://support.apple.com/downloads/\n\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: 50395ed3c9ac1f8104e0ad18c99a14c03755d060\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJRnRFuAAoJEPefwLHPlZEwxAUP/17v2uoUVcz8EqTDyfX5Hntm\nuAORsTKZ14ZKIN16pNjWNyUMHJSdgOB7DJVbr8ZtaNg4zN2nrZ+tBbAi233uhbe0\n1CGwkOkL4bi5JR3btZ7AxORETKMLgwATwahVJZLfRcZp9IMhiIZ5JIP/rmdgH2IL\n52/dRRsWrg3Guk36EAqzznelTSeVLP2cQMw9d0ukvsz9jOIMpOJ7FXmv/7K0003c\n2m6OtuScfy4Q+BIqql13kZ94cAILPUovIz2L900ry9AQVTbdwwggQ5Tgnf1lqUYy\nxBnAVFsS/WWwEN4MyNbkdvsQEUc04vBgTN8dIfGUV4M/MLIRzY9TX+uamxoU/FRA\ncfPSGlcQi21poOJ6a9bzVfPBkmPaz4P0M3VplSbAJAqYpALsMVH332mjd2m1o5pL\n5VE8EUGcmHIa1jgdrsiWzYThzJIE+KCY6iW/PemC2DzcNz0uJUChPC/ao9UWPLII\n05F0xVO4mGa+UClgX5o5OLvOFecX6redFjXuQk/QVzzDP95GIyAybLjQYeuFVpgD\n1KGgF0CYjYuk19hZh+HcfZ9j7RIUOrVdCVFIH0+v+IZwRsAh+6NamvdRWTaI5fjg\nPiQs1l+8IirII5xrikS6TanUewzdpIyK+pHBtz/OwneLKm79vSYdMLZDQU6deeoN\nX0HHvIjtkT16kuhL1yMx\n=lnE0\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1015"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"db": "BID",
"id": "60110"
},
{
"db": "VULHUB",
"id": "VHN-61017"
},
{
"db": "PACKETSTORM",
"id": "121739"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1015",
"trust": 3.6
},
{
"db": "BID",
"id": "60110",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU92679127",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1628",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-112",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201305-518",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "53520",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2013-05-22-1",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-61017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121739",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"db": "VULHUB",
"id": "VHN-61017"
},
{
"db": "BID",
"id": "60110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"db": "PACKETSTORM",
"id": "121739"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
},
{
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"id": "VAR-201305-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61017"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:18:10.288000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2013-05-22-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html"
},
{
"title": "HT5770",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5770"
},
{
"title": "HT5770",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5770?viewlocale=ja_JP"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://support.apple.com/kb/HT1222"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61017"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2013/may/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5770"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16237"
},
{
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1015"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92679127/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1015"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53520"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60110"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1020"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1015"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0986"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0988"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"db": "VULHUB",
"id": "VHN-61017"
},
{
"db": "BID",
"id": "60110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"db": "PACKETSTORM",
"id": "121739"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
},
{
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"db": "VULHUB",
"id": "VHN-61017"
},
{
"db": "BID",
"id": "60110"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"db": "PACKETSTORM",
"id": "121739"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
},
{
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-11T00:00:00",
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"date": "2013-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-61017"
},
{
"date": "2013-05-22T00:00:00",
"db": "BID",
"id": "60110"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"date": "2013-05-23T19:59:58",
"db": "PACKETSTORM",
"id": "121739"
},
{
"date": "2013-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-518"
},
{
"date": "2013-05-24T16:43:58.573000",
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-11T00:00:00",
"db": "ZDI",
"id": "ZDI-13-112"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-61017"
},
{
"date": "2013-06-12T07:26:00",
"db": "BID",
"id": "60110"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002803"
},
{
"date": "2013-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-518"
},
{
"date": "2017-09-19T01:35:58.060000",
"db": "NVD",
"id": "CVE-2013-1015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002803"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-518"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.