CVE-2011-3251

Related Files

Apple Security Advisory 2011-10-26-1

Posted Oct 28, 2011

Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-26-1 - QuickTime 7.7.1 is now available and addresses memory disclosure, arbitrary code execution, script injection, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution

systems | apple

advisories | CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3218, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251

SHA-256 | 151e9a6bdb019b931ecf77d87bbf59eb16ed9d92b2e975ee1c0e5a7b931ccf76

Download | Favorite | View

Zero Day Initiative Advisory 11-316

Posted Oct 27, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-316 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. When Quicktime later uses the function to determine where it should write its data it does check the upper boundaries, but not the lower ones causing a heap buffer underwrite. This can result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution

systems | apple

advisories | CVE-2011-3251

SHA-256 | 74594dbdae073622048f6651ace5317e0546240bb0f13a6f484ff95a939e5d92

Download | Favorite | View