CVE-2010-1799

Apple Quicktime - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16558

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Krystian Kloskowski, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://support.apple.com/kb/HT4290

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11800

[Mailing List, Vendor Advisory] http://lists.apple.com/archives/security-announce/2010//Aug/msg00002.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/41962

Scores

EPSS 0.6768

EPSS Percentile 98.6%

Details

CWE

CWE-119

Status published

Products (27)

apple/quicktime (2 CPE variants)

apple/quicktime 3.0

apple/quicktime 4.1.2 (3 CPE variants)

apple/quicktime 5.0

apple/quicktime 5.0.1 (2 CPE variants)

apple/quicktime 5.0.2 (2 CPE variants)

apple/quicktime 6.0 (2 CPE variants)

apple/quicktime 6.0.0 (2 CPE variants)

apple/quicktime 6.0.1 (2 CPE variants)

apple/quicktime 6.0.2 (2 CPE variants)

... and 17 more

Published Aug 16, 2010

Tracked Since Feb 18, 2026