Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0198Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

4 documents4 sources
Severity
7.6HIGHNVD
EPSS
7.2%
top 8.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Quicktime
Timeline
PublishedMay 3
Latest updateApr 30

Description

Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDapple/quicktime4.1.2

🔴Vulnerability Details

2
GHSA
GHSA-cv5v-5chv-qf85: Buffer overflow in QuickTime Player plugin 42022-04-30
CVEList
CVE-2001-0198: Buffer overflow in QuickTime Player plugin 42001-03-09

💥Exploits & PoCs

1
Exploit-DB
Apple QuickTime plugin - Windows 4.1.2 (Japanese) Remote Overflow2012-08-18
CVE-2001-0198 — Apple Quicktime vulnerability | cvebase