CVE-2002-0252

Apple QuickTime 5.01-5.02 - Remote Code Execution via Long Content-Type MIME Header

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-0252. PoCs published by Subreption LLC., UNYUN.

AI-analyzed exploit summary: This exploit targets CVE-2002-0252, a buffer overflow vulnerability in Apple QuickTime RTSP response handling. It includes shellcode for both Mac OS X and Windows, demonstrating remote code execution capabilities.

Description

Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Subreption LLC. · ruby · remote · multiple
https://www.exploit-db.com/exploits/4673

This exploit targets CVE-2002-0252, a buffer overflow vulnerability in Apple QuickTime RTSP response handling. It includes shellcode for both Mac OS X and Windows, demonstrating remote code execution capabilities.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple QuickTime 7.3
No auth needed
Prerequisites: Network access to target · Vulnerable version of QuickTime
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by UNYUN · c · remote · windows
https://www.exploit-db.com/exploits/21286

This exploit targets a buffer overflow vulnerability in Apple QuickTime for Windows via a maliciously crafted HTTP 'Content-Type' header. It leverages the User-Agent header to identify the target OS and deliver a tailored payload for RCE.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple QuickTime Player 5.01/5.02 for Windows
No auth needed
Prerequisites: Victim must connect to a malicious server · QuickTime must be configured to handle HTTP media requests
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8126.php
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4673
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101320742616105&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4064

Scores

EPSS 0.1054
EPSS Percentile 95.2%

Details

Status published
Products (2)
apple/quicktime 5.0.1
apple/quicktime 5.0.2
Published May 29, 2002
Tracked Since Feb 18, 2026