CVE-2011-0257

EPSS 60.1%

Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/17777unverified exploitdbwww.exploit-db.com/exploits/17777unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/8365 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059 http://support.apple.com/kb/HT4826 http://www.exploit-db.com/exploits/17777 http://zerodayinitiative.com/advisories/ZDI-11-252/