CVE-2011-0248 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

2.7%

top 14.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime

Timeline

PublishedAug 4

Latest updateMay 13

Description

Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/quicktime7.6.9+53

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-x35m-cvv2-x2rr: Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7↗2022-05-13

▶

CVEList

CVE-2011-0248: Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7↗2011-08-04

▶