Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10016
Multiple vulnerabilities in Apple QuickTime
Updated: 06/01/2019
Detect date
?
 02/25/2014
Severity
?
 Critical
Description

Multiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities

  1. Improper byte-swapping can be exploited to execute arbitrary code or cause denial of service via a specially designed ttfo element in a movie file
  2. Lack of unspecified pointer initialization can be exploited to execute arbitrary code or cause denial of service via a specially designed tracklist in a movie file
  3. Integer signing can be exploited to execute arbitrary code or cause denial of service via a specially designed stsz atom in a movie file
  4. Vectors related to unknown applications can be exploited to execute arbitrary code or cause denial of service via specially designed idsc, clef, dref and ftab atoms, by a specially designed PSD image or movie file with H.264 encoding.
Affected products

Apple QuickTime versions 7.7.4. and earlier
Solution

Update to latest version
QuickTime
Original advisories

Apple entry
Impacts
?
ACE 
[?]

DoS 
[?]
Related products
 Apple QuickTime
CVE-IDS
?
CVE-2014-12449.3Critical
CVE-2014-12459.3Critical
CVE-2014-12469.3Critical
CVE-2014-12479.3Critical
CVE-2014-12499.3Critical
CVE-2014-12489.3Critical
CVE-2013-10326.8High
CVE-2014-12509.3Critical
CVE-2014-12439.3Critical
CVE-2014-12519.3Critical
© 2019 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up