The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apple QuickTime: memory corruption via MVHD

Synthesis of the vulnerability 

An attacker can generate a memory corruption via MVHD fields of an Apple QuickTime file, in order to trigger a denial of service, and possibly to execute code.
Vulnerable products: QuickTime.
Severity of this weakness: 3/4.
Creation date: 24/07/2014.
Références of this bulletin: CVE-2014-4979, VIGILANCE-VUL-15096, ZDI-14-264.

Description of the vulnerability 

The file format for Apple QuickTime uses a MVHD atom to store videos.

However, when reading an MVHD atom, the memory is corrupted.

An attacker can therefore generate a memory corruption via MVHD fields of an Apple QuickTime file, in order to trigger a denial of service, and possibly to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability bulletin impacts software or systems such as QuickTime.

Our Vigil@nce team determined that the severity of this security note is important.

The trust level is of type confirmed by a trusted third party, with an origin of document.

An attacker with a expert ability can exploit this cybersecurity note.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides application vulnerability patches. The Vigil@nce vulnerability database contains several thousand vulnerabilities.