QuickTime 7 in Apple OS X prior to 10.10.5 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple quicktime 7.0.0 |
Malformed .MOV files can murder your movies
Two Borg assimilators have discovered five denial of service vulnerabilities in Apple's QuickTime. The five vulnerabilities (CVE-2015-3788 to 3792) affect the latest version of QuickTime up to the patched 7.7.7 for Windows 7. Ryan Pentney and Richard Johnson of Cisco's Talos security talon reported the memory corruption holes which manifest due to improper handling of objects in memory. "An adversary who crafts a specifically formatted .MOV file can cause QuickTime to terminate unexpectedly, cre...