CVE-2012-3753

Apple QuickTime < 7.7.3 - Remote Code Execution via Crafted MIME Type

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-3753. PoCs published by Metasploit, Pavel Polischouk, juan vazquez, including Metasploit module exploits/windows/browser/apple_quicktime_mime_type.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2 via a malformed Content-Type header, achieving remote code execution on Windows XP SP3 with Safari 5.1.7 or 5.0.5. It uses heap spraying and ROP techniques to bypass memory protections.

Description

Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/22973

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2 via a malformed Content-Type header, achieving remote code execution on Windows XP SP3 with Safari 5.1.7 or 5.0.5. It uses heap spraying and ROP techniques to bypass memory protections.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apple QuickTime 7.7.2

No auth needed

Prerequisites: Victim must be using Safari 5.1.7 or 5.0.5 on Windows XP SP3 with QuickTime 7.7.2 installed · Victim must visit a malicious link or be redirected to the exploit server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Pavel Polischouk, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/apple_quicktime_mime_type.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Apple QuickTime 7.7.2 via a malformed Content-Type header. It uses heap spraying and ROP techniques to achieve remote code execution on vulnerable Windows systems running Safari.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Apple QuickTime 7.7.2

No auth needed

Prerequisites: Victim must visit a malicious web page · QuickTime 7.7.2 must be installed · Safari 5.0.5 or 5.1.7 on Windows XP SP3

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51226

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15947

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/118421/Apple-QuickTime-7.7.2-MIME-Type-Buffer-Overflow.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/79900

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT5581

Scores

EPSS 0.3508

EPSS Percentile 98.2%

Details

CWE

CWE-119

Status published

Products (50)

apple/quicktime 3.0

apple/quicktime 4.1.2

apple/quicktime 5.0

apple/quicktime 5.0.1

apple/quicktime 5.0.2

apple/quicktime 6.0

apple/quicktime 6.0.0

apple/quicktime 6.0.1

apple/quicktime 6.0.2

apple/quicktime 6.1

... and 40 more

Published Nov 09, 2012

Tracked Since Feb 18, 2026