Sign-up

ID

VAR-201305-0258


CVE

CVE-2013-1019


TITLE

Apple QuickTime Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2013-002807

DESCRIPTION

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of a malformed Sorenson Video 3 mdat section in a QuickTime mov file. This can lead to memory corruption that could lead to remote code execution under the context of the process. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.4 are vulnerable on Windows 7, Vista, and XP. Note: This issue was previously discussed in BID 60086 (Apple QuickTime Prior To 7.7.4 Multiple Arbitrary Code Execution Vulnerabilities), but has been moved to its own record for better documentation. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-05-22-1 QuickTime 7.7.4 QuickTime 7.7.4 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of TeXML files. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1016 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1017 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0989 : G. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of JPEG encoded data. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1020 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1021 : Mil3s beep working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer underflow existed in the handling of 'mvhd' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative QuickTime 7.7.4 may be obtained from the QuickTime Downloads site: http://support.apple.com/downloads/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 50395ed3c9ac1f8104e0ad18c99a14c03755d060 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRnRFuAAoJEPefwLHPlZEwxAUP/17v2uoUVcz8EqTDyfX5Hntm uAORsTKZ14ZKIN16pNjWNyUMHJSdgOB7DJVbr8ZtaNg4zN2nrZ+tBbAi233uhbe0 1CGwkOkL4bi5JR3btZ7AxORETKMLgwATwahVJZLfRcZp9IMhiIZ5JIP/rmdgH2IL 52/dRRsWrg3Guk36EAqzznelTSeVLP2cQMw9d0ukvsz9jOIMpOJ7FXmv/7K0003c 2m6OtuScfy4Q+BIqql13kZ94cAILPUovIz2L900ry9AQVTbdwwggQ5Tgnf1lqUYy xBnAVFsS/WWwEN4MyNbkdvsQEUc04vBgTN8dIfGUV4M/MLIRzY9TX+uamxoU/FRA cfPSGlcQi21poOJ6a9bzVfPBkmPaz4P0M3VplSbAJAqYpALsMVH332mjd2m1o5pL 5VE8EUGcmHIa1jgdrsiWzYThzJIE+KCY6iW/PemC2DzcNz0uJUChPC/ao9UWPLII 05F0xVO4mGa+UClgX5o5OLvOFecX6redFjXuQk/QVzzDP95GIyAybLjQYeuFVpgD 1KGgF0CYjYuk19hZh+HcfZ9j7RIUOrVdCVFIH0+v+IZwRsAh+6NamvdRWTaI5fjg PiQs1l+8IirII5xrikS6TanUewzdpIyK+pHBtz/OwneLKm79vSYdMLZDQU6deeoN X0HHvIjtkT16kuhL1yMx =lnE0 -----END PGP SIGNATURE-----

Trust: 2.79

sources: NVD: CVE-2013-1019 // JVNDB: JVNDB-2013-002807 // ZDI: ZDI-13-118 // BID: 60102 // VULHUB: VHN-61021 // PACKETSTORM: 121739 // PACKETSTORM: 122280

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:eqversion:6.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.1.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.9

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.7.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.5.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:5.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:5.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:quicktimescope:lteversion:7.7.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.4.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.7

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.5.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.6

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.2.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.6.6

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.7.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.7.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.2.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.3.0

Trust: 1.0

vendor:applemodel:tvscope:ltversion:6.0 (apple tv first 2 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:quicktimescope:ltversion:7.7.4 (windows)

Trust: 0.8

vendor:applemodel:quicktimescope: - version: -

Trust: 0.7

vendor:applemodel:quicktime playerscope:eqversion:7.7.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.7.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.8

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.7

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.5.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1.70

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.7

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6.9

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

sources: ZDI: ZDI-13-118 // BID: 60102 // JVNDB: JVNDB-2013-002807 // CNNVD: CNNVD-201305-511 // NVD: CVE-2013-1019

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1019
value: HIGH

Trust: 1.0

NVD: CVE-2013-1019
value: HIGH

Trust: 0.8

ZDI: CVE-2013-1019
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201305-511
value: CRITICAL

Trust: 0.6

VULHUB: VHN-61021
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1019
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2013-1019
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-61021
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-13-118 // VULHUB: VHN-61021 // JVNDB: JVNDB-2013-002807 // CNNVD: CNNVD-201305-511 // NVD: CVE-2013-1019

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-61021 // JVNDB: JVNDB-2013-002807 // NVD: CVE-2013-1019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-511

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201305-511

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002807

PATCH
title:APPLE-SA-2013-07-02-1url:http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html
Trust: 0.8
title:APPLE-SA-2013-09-18-2url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Trust: 0.8
title:APPLE-SA-2013-05-22-1url:http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934
Trust: 0.8
title:HT5935url:http://support.apple.com/kb/HT5935
Trust: 0.8
title:HT5770url:http://support.apple.com/kb/HT5770
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934?viewlocale=ja_JP
Trust: 0.8
title:HT5935url:http://support.apple.com/kb/HT5935?viewlocale=ja_JP
Trust: 0.8
title:HT5770url:http://support.apple.com/kb/HT5770?viewlocale=ja_JP&locale=ja_JP
Trust: 0.8
title:Apple has issued an update to correct this vulnerability.url:http://support.apple.com/kb/HT1222
Trust: 0.7
sources:
            
            
            ZDI: ZDI-13-118 // 
            
            
            
            JVNDB: JVNDB-2013-002807

EXTERNAL IDS
db:NVDid:CVE-2013-1019
Trust: 3.7
db:SECUNIAid:54886
Trust: 1.1
db:ZDIid:ZDI-13-118
Trust: 1.0
db:BIDid:60102
Trust: 1.0
db:JVNid:JVNVU98681940
Trust: 0.8
db:JVNid:JVNVU92679127
Trust: 0.8
db:JVNDBid:JVNDB-2013-002807
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-1709
Trust: 0.7
db:CNNVDid:CNNVD-201305-511
Trust: 0.7
db:SECUNIAid:53520
Trust: 0.6
db:APPLEid:APPLE-SA-2013-05-22-1
Trust: 0.6
db:PACKETSTORMid:122280
Trust: 0.2
db:VULHUBid:VHN-61021
Trust: 0.1
db:PACKETSTORMid:121739
Trust: 0.1
sources:
            
            
            ZDI: ZDI-13-118 // 
            
            
            
            VULHUB: VHN-61021 // 
            
            
            
            BID: 60102 // 
            
            
            
            JVNDB: JVNDB-2013-002807 // 
            
            
            
            PACKETSTORM: 121739 // 
            
            
            
            PACKETSTORM: 122280 // 
            
            
            
            CNNVD: CNNVD-201305-511 // 
            
            
            
            NVD: CVE-2013-1019

REFERENCES
url:http://support.apple.com/kb/ht5770
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2013/may/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2013/jul/msg00000.html
Trust: 1.4
url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html
Trust: 1.4
url:http://support.apple.com/kb/ht5934
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16830
Trust: 1.1
url:http://secunia.com/advisories/54886
Trust: 1.1
url:http://support.apple.com/kb/ht1222
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1019
Trust: 0.8
url:http://jvn.jp/cert/jvnvu92679127/index.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu98681940/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1019
Trust: 0.8
url:http://secunia.com/advisories/53520
Trust: 0.6
url:http://www.securityfocus.com/bid/60102
Trust: 0.6
url:http://support.apple.com/kb/ht5935
Trust: 0.3
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-13-118/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2013-1019
Trust: 0.2
url:https://www.apple.com/support/security/pgp/
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2013-1018
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2013-1022
Trust: 0.2
url:http://gpgtools.org
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2013-0987
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-1020
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-1016
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-1021
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-1015
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-1017
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0989
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0986
Trust: 0.1
url:http://support.apple.com/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0988
Trust: 0.1
url:http://www.apple.com/support/downloads/
Trust: 0.1
sources:
            
            
            ZDI: ZDI-13-118 // 
            
            
            
            VULHUB: VHN-61021 // 
            
            
            
            BID: 60102 // 
            
            
            
            JVNDB: JVNDB-2013-002807 // 
            
            
            
            PACKETSTORM: 121739 // 
            
            
            
            PACKETSTORM: 122280 // 
            
            
            
            CNNVD: CNNVD-201305-511 // 
            
            
            
            NVD: CVE-2013-1019

CREDITS
Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
Trust: 0.7
sources:
            
            
            ZDI: ZDI-13-118

SOURCES
db:ZDIid:ZDI-13-118
db:VULHUBid:VHN-61021
db:BIDid:60102
db:JVNDBid:JVNDB-2013-002807
db:PACKETSTORMid:121739
db:PACKETSTORMid:122280
db:CNNVDid:CNNVD-201305-511
db:NVDid:CVE-2013-1019

LAST UPDATE DATE
2025-04-11T21:41:04.971000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-13-118date:2013-06-11T00:00:00
db:VULHUBid:VHN-61021date:2017-09-19T00:00:00
db:BIDid:60102date:2015-03-19T08:31:00
db:JVNDBid:JVNDB-2013-002807date:2013-10-22T00:00:00
db:CNNVDid:CNNVD-201305-511date:2013-09-27T00:00:00
db:NVDid:CVE-2013-1019date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:ZDIid:ZDI-13-118date:2013-06-11T00:00:00
db:VULHUBid:VHN-61021date:2013-05-24T00:00:00
db:BIDid:60102date:2013-05-22T00:00:00
db:JVNDBid:JVNDB-2013-002807date:2013-05-27T00:00:00
db:PACKETSTORMid:121739date:2013-05-23T19:59:58
db:PACKETSTORMid:122280date:2013-07-03T19:19:52
db:CNNVDid:CNNVD-201305-511date:2013-05-24T00:00:00
db:NVDid:CVE-2013-1019date:2013-05-24T16:43:58.667