Heap-based buffer overflow vulnerability in Apple QuickTime before 7.7.9 allows remote code execution or denial of service via crafted TXXX frame in ID3 tag in MP3 data in movie file

Heap-based buffer overflow vulnerability in Apple QuickTime before 7.7.9 allows remote code execution or denial of service via crafted TXXX frame in ID3 tag in MP3 data in movie file

CVE-2015-7092 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117.

Learn more about our Web Application Penetration Testing UK.