CVE-2001-0198
QuickTime Player plugin 4.1.2 - Buffer Overflow via EMBED Tag HREF Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-0198. PoCs published by UNYUN.
AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Apple QuickTime 4.1.2 plugin for Windows. It crafts a malicious HTML file with an EMBED tag containing excess data to trigger the overflow and execute arbitrary shellcode.
Description
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by UNYUN · c++remotewindows
https://www.exploit-db.com/exploits/20605
This exploit targets a buffer overflow vulnerability in Apple QuickTime 4.1.2 plugin for Windows. It crafts a malicious HTML file with an EMBED tag containing excess data to trigger the overflow and execute arbitrary shellcode.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
Apple QuickTime 4.1.2 plugin for Windows
No auth needed
Prerequisites:
Victim must visit a malicious webpage or open a crafted HTML file · QuickTime 4.1.2 plugin must be installed on the target system
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6040
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2328
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/20605
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=98096678523370&w=2
Scores
EPSS
0.0718
EPSS Percentile
91.8%
Details
Status
published
Products (1)
apple/quicktime
4.1.2
Published
May 03, 2001
Tracked Since
Feb 18, 2026