CVE-2013-6114

Apple Motion 5.0.7 - Denial of Service via OZDocument::parseElement Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6114. PoCs published by Jean Pascal Pereira.

AI-analyzed exploit summary This exploit demonstrates an integer overflow vulnerability in Apple Motion 5.0.7, where a crafted .motn file with a malformed subview attribute triggers a memory access violation, leading to a crash. The PoC provides a specific XML payload that causes the application to attempt accessing an invalid memory address.

Description

Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.

Exploits (1)

exploitdb WORKING POC

by Jean Pascal Pereira · textdososx

https://www.exploit-db.com/exploits/28811

View Code ZIP pw:eip

This exploit demonstrates an integer overflow vulnerability in Apple Motion 5.0.7, where a crafted .motn file with a malformed subview attribute triggers a memory access violation, leading to a crash. The PoC provides a specific XML payload that causes the application to attempt accessing an invalid memory address.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apple Motion 5.0.7

No auth needed

Prerequisites: Ability to deliver a crafted .motn file to the target system

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/28811/

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT6041

Scores

EPSS 0.0490

EPSS Percentile 91.0%

Details

CWE

CWE-190

Status published

Products (1)

apple/motion 5.0.7

Published Nov 04, 2013

Tracked Since Feb 18, 2026