Apple.QuickTime.QTJava.toQTPointer.Code.Execution

description-logoDescription

A vulnerability has been identified in Apple QuickTime, which can be leveraged to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime Java extensions.
The vulnerability exists within the routine toQTPointer(), which is exposed through quicktime.util.QTHandleRef. A lack of sanity checking on the parameters passed to this routine allows an attacker to write arbitrary values to memory.

affected-products-logoAffected Products

Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 5.0.2

Impact logoImpact

Arbitrary code execution.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-10-12 16.941 Name:Apple.
QTJava.
toQTPointer.
Code.
Execution:Apple.
QuickTime.
QTJava.
toQTPointer.
Code.
Execution