Home

CVE-2006-1249

Description

Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.

Risk Information

Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
27.209

Associated Vulnerability

VulnerabilityOS Platform
Update QuickTime 7.1 to latest versionWindows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 6.0.1Windows
Multiple Vulnerabilities are affected in Apple iTunes 6.0.1Windows
Multiple Vulnerabilities are affected in QuickTime 7.0.3Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 6.0.2Windows
Multiple Vulnerabilities are affected in Apple iTunes 6.0.2Windows
Multiple Vulnerabilities are affected in QuickTime 7.0.4Windows
Multiple Vulnerabilities are affected in Apple iTunes For Mac 6.0.1Mac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 6.0.2Mac

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234