CVE-2009-0955

Apple QuickTime < 7.6.2 - Remote Code Execution via Crafted Image Description Atoms

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0955. PoCs published by webDEViL.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2009-0955, targeting a sign extension vulnerability in Apple QuickTime's handling of Image Description Atoms. The byte array is crafted to trigger a memory corruption issue, potentially leading to arbitrary code execution.

Description

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."

Exploits (1)

exploitdb WORKING POC VERIFIED

by webDEViL · textdoswindows

https://www.exploit-db.com/exploits/8862

View Code ZIP pw:eip

This is a proof-of-concept exploit for CVE-2009-0955, targeting a sign extension vulnerability in Apple QuickTime's handling of Image Description Atoms. The byte array is crafted to trigger a memory corruption issue, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apple QuickTime (versions prior to 7.6.2)

No auth needed

Prerequisites: Victim must open a maliciously crafted QuickTime file

MITRE ATT&CK