CVE-2014-1250

high

Description

Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.

References

http://support.apple.com/kb/HT6150

http://support.apple.com/kb/HT6151

Details

Source: Mitre, NVD

Published: 2014-02-27

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High