Remote Code Execution and Denial of Service Vulnerability in QuickTime by Apple
CVE-2015-3792

Currently unrated

Key Information:

Vendor: Apple
Status: Quicktime
Vendor: CVE Published:; 17 August 2015

What is CVE-2015-3792?

Apple's QuickTime 7 on OS X prior to version 10.10.5 is susceptible to a remote code execution and denial of service vulnerability. By exploiting a specially crafted file, attackers can trigger memory corruption issues, potentially leading to arbitrary code execution or crashing the application. This vulnerability poses significant risks, especially if users are tricked into opening malicious files.

References

https://support.apple.com/HT205046

x_refsource_CONFIRM

http://www.securityfocus.com/bid/76340

vdb-entryx_refsource_BID

http://lists.apple.com/archives/security-announce/2015/Au...

vendor-advisoryx_refsource_APPLE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2015
Vulnerability Reserved
May 7, 2015