Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1017Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
9.3CRITICALNVD
EPSS
81.3%
top 0.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Quicktime
Timeline
PublishedMay 24
Latest updateMay 17

Description

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapple/quicktime7.7.3+51

🔴Vulnerability Details

2
GHSA
GHSA-gh8c-p3m8-6x4v: Buffer overflow in Apple QuickTime before 72022-05-17
CVEList
CVE-2013-1017: Buffer overflow in Apple QuickTime before 72013-05-24

💥Exploits & PoCs

2
Exploit-DB
AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities2013-08-29
Exploit-DB
Apple QuickTime 7 - Invalid Atom Length Buffer Overflow (Metasploit)2013-07-22
CVE-2013-1017 — Apple Quicktime vulnerability | cvebase