Sign-up

ID

VAR-201704-0009


CVE

CVE-2011-3428


TITLE

Windows for Apple QuickTime Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2011-005397

DESCRIPTION

Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. The software is capable of handling multiple sources such as digital video, media segments, and more

Trust: 1.71

sources: NVD: CVE-2011-3428 // JVNDB: JVNDB-2011-005397 // VULHUB: VHN-51373

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:lteversion:7.7.6

Trust: 1.0

vendor:applemodel:quicktimescope:ltversion:7.7.1 (windows)

Trust: 0.8

vendor:applemodel:quicktimescope:eqversion:7.7.6

Trust: 0.6

sources: JVNDB: JVNDB-2011-005397 // CNNVD: CNNVD-201704-1346 // NVD: CVE-2011-3428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3428
value: CRITICAL

Trust: 1.0

NVD: CVE-2011-3428
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201704-1346
value: HIGH

Trust: 0.6

VULHUB: VHN-51373
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-3428
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-51373
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2011-3428
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-51373 // JVNDB: JVNDB-2011-005397 // CNNVD: CNNVD-201704-1346 // NVD: CVE-2011-3428

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-51373 // JVNDB: JVNDB-2011-005397 // NVD: CVE-2011-3428

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1346

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-1346

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-005397

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT5016url:https://support.apple.com/en-us/HT5016
Trust: 0.8
title:HT5016url:https://support.apple.com/ja-jp/HT5016
Trust: 0.8
title:Apple QuickTime for Windows Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69722
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-005397 // 
            
            
            
            CNNVD: CNNVD-201704-1346

EXTERNAL IDS
db:NVDid:CVE-2011-3428
Trust: 2.5
db:JVNDBid:JVNDB-2011-005397
Trust: 0.8
db:CNNVDid:CNNVD-201704-1346
Trust: 0.7
db:VULHUBid:VHN-51373
Trust: 0.1
sources:
            
            
            VULHUB: VHN-51373 // 
            
            
            
            JVNDB: JVNDB-2011-005397 // 
            
            
            
            CNNVD: CNNVD-201704-1346 // 
            
            
            
            NVD: CVE-2011-3428

REFERENCES
url:https://support.apple.com/en-us/ht5016
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3428
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2011-3428
Trust: 0.8
sources:
            
            
            VULHUB: VHN-51373 // 
            
            
            
            JVNDB: JVNDB-2011-005397 // 
            
            
            
            CNNVD: CNNVD-201704-1346 // 
            
            
            
            NVD: CVE-2011-3428

SOURCES
db:VULHUBid:VHN-51373
db:JVNDBid:JVNDB-2011-005397
db:CNNVDid:CNNVD-201704-1346
db:NVDid:CVE-2011-3428

LAST UPDATE DATE
2025-04-20T23:23:47.853000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-51373date:2017-04-28T00:00:00
db:JVNDBid:JVNDB-2011-005397date:2017-05-26T00:00:00
db:CNNVDid:CNNVD-201704-1346date:2017-05-09T00:00:00
db:NVDid:CVE-2011-3428date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-51373date:2017-04-24T00:00:00
db:JVNDBid:JVNDB-2011-005397date:2017-05-26T00:00:00
db:CNNVDid:CNNVD-201704-1346date:2017-04-24T00:00:00
db:NVDid:CVE-2011-3428date:2017-04-24T19:59:00.190