Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0955Code Injection in Apple Quicktime

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
23.5%
top 4.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Quicktime
Timeline
PublishedJun 2
Latest updateMay 2

Description

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapple/quicktime7.6.1+48

Patches

Patch: support.apple.comPatch: www.securityfocus.comPatch: www.vupen.com

🔴Vulnerability Details

2
GHSA
GHSA-jpvf-fchh-626j: Apple QuickTime before 72022-05-02
CVEList
CVE-2009-0955: Apple QuickTime before 72009-06-02

💥Exploits & PoCs

1
Exploit-DB
Apple QuickTime - Image Description Atom Sign Extension (PoC)2009-06-03
CVE-2009-0955 — Code Injection in Apple Quicktime | cvebase