SB2016041402 - Two remote code execution vulnerabilities in Apple QuickTime
Published: April 14, 2016 Updated: August 26, 2020
Security Bulletin ID
SB2016041402
Severity
Critical
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: N/A)
The vulnerability allows remote attackers to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow when processing media files. A remote attacker can create a media file with specially crafted moov atom field, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
2) Heap-based buffer overflow (CVE-ID: N/A)
The vulnerability allows remote attackers to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow when processing media files. A remote attacker can create a media file with specially crafted moov atom field, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.