Remote Code Execution Vulnerability in Apple QuickTime
CVE-2015-7090

6.6MEDIUM

Key Information:

Vendor

Apple
Status
Quicktime
Vendor
CVE Published:
9 January 2016

What is CVE-2015-7090?

A vulnerability in Apple QuickTime prior to version 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service condition. This is achieved through specially crafted movie files that trigger memory corruption, leading to potential application crashes and exploitation of the affected software.

References

http://lists.apple.com/archives/security-announce/2016/Ja...
vendor-advisoryx_refsource_APPLE
http://www.securitytracker.com/id/1034610
vdb-entryx_refsource_SECTRACK
https://support.apple.com/HT205638
x_refsource_CONFIRM

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.