Intrusion PreventionApple.QuickTime.Cinepak.Codec.MDAT.Parsing.Heap.Corruption
Description
This indicates an attack attempt to exploit a remote code-execution vulnerability in Apple Quicktime.
The vulnerability is caused by an error when parsing the 'mdat' atom in a MOV file. It can be exploited via a crafted MOV file (.mov), leading to remote code execution.
Affected Products
Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.3.1 .70
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 5.0.2
Apple QuickTime Player 7.5
Apple QuickTime Player 7.4
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1
Apple QuickTime Player 6.4
Apple QuickTime Player 6
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the vendor's web site:
http://www.apple.com/quicktime/download/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-01-11 | 16.995 |
| ID | 17218 |
| Created | Dec 17, 2009 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2009-0006 |
| Exploit Prediction Score | 59.45% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, MacOS |
| Affected App | Apple |