CVE-2011-0257

Apple QuickTime PICT PnSize Buffer Overflow

Title source: metasploit

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0257. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/fileformat/apple_quicktime_pnsize.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Apple QuickTime Player 7.60.92.0 via a crafted .mov file with a malformed PnSize value. It leverages SEH overwrite and alphanumeric shellcode to achieve remote code execution.

Description

Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/17777

This exploit targets a buffer overflow vulnerability in Apple QuickTime Player 7.60.92.0 via a crafted .mov file with a malformed PnSize value. It leverages SEH overwrite and alphanumeric shellcode to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple QuickTime Player 7.60.92.0
No auth needed
Prerequisites: Victim must open the malicious .mov file
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.60.92.0 via a crafted PICT PnSize value in a .mov file, achieving arbitrary code execution. It includes DEP bypass via ROP and delivers a payload encoded with alphanumeric upper encoding.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apple QuickTime 7.60.92.0
No auth needed
Prerequisites: Victim must open the malicious .mov file
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4826
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8365
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17777
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-11-252/

Scores

EPSS 0.6011
EPSS Percentile 99.0%

Details

CWE: CWE-189
Status: published
Products (32)
apple/quicktime 7.0.0
apple/quicktime 7.0.1
apple/quicktime 7.0.2
apple/quicktime 7.0.3
apple/quicktime 7.0.4
apple/quicktime 7.1.0
apple/quicktime 7.1.1
apple/quicktime 7.1.2
apple/quicktime 7.1.3
apple/quicktime 7.1.4
... and 22 more
Published Aug 15, 2011
Tracked Since Feb 18, 2026