CVE ID | CVE-2012-0665 |
CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
Apple |
AFFECTED PRODUCTS |
QuickTime |
VULNERABILITY DETAILS |
The specific flaw exists within the QuicktimeH264 modules in the QuickTime player that handles H264 encoded movies. When the value for 'pic_width_in_mbs_minus_1' and 'pic_height_in_map_units_minus_1' in the AVCC header data differs from the actual picture width and height a heap buffer overflow occurs. This can result in remote code execution under the context of the current process.
|
ADDITIONAL DETAILS |
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT5261 |
DISCLOSURE TIMELINE |
|
CREDIT | Luigi Auriemma |