CVE-2011-3223

Related Files

Apple Security Advisory 2011-10-26-1

Posted Oct 28, 2011

Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-26-1 - QuickTime 7.7.1 is now available and addresses memory disclosure, arbitrary code execution, script injection, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution

systems | apple

advisories | CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3218, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251

SHA-256 | 151e9a6bdb019b931ecf77d87bbf59eb16ed9d92b2e975ee1c0e5a7b931ccf76

Download | Favorite | View

Zero Day Initiative Advisory 11-313

Posted Oct 27, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-313 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. When Quicktime tries to decompress this data it reads a user supplied RLE Packet count field from the file and uses that as loop counter. A high value for this field will cause Quicktime to write outside previously allocated memory which could result into remote code execution.

tags | advisory, remote, arbitrary, code execution

systems | apple

advisories | CVE-2011-3223

SHA-256 | 45489e6bcd5489bd68ed6bfde99280dedd3b41ee95eb68978163dd7dddbf7411

Download | Favorite | View