Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to Apple Inc. - QuickTime

jvndb-2017-000116

Vulnerability from jvndb

Published

2017-06-13 13:51

Modified

2018-02-14 11:58

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries

Details

Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

►

Type

URL

	JVN	http://jvn.jp/en/ta/JVNTA91240916/index.html
	JVN	http://jvn.jp/en/jp/JVN94771799/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2218
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2218
	CERT-TA	https://www.us-cert.gov/ncas/alerts/TA16-105A
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

►

Vendor

Product

Apple Inc.

QuickTime

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000116.html",
  "dc:date": "2018-02-14T11:58+09:00",
  "dcterms:issued": "2017-06-13T13:51+09:00",
  "dcterms:modified": "2018-02-14T11:58+09:00",
  "description": "Installer of QuickTime for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000116.html",
  "sec:cpe": {
    "#text": "cpe:/a:apple:quicktime",
    "@product": "QuickTime",
    "@vendor": "Apple Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000116",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN94771799/index.html",
      "@id": "JVN#94771799",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2218",
      "@id": "CVE-2017-2218",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2218",
      "@id": "CVE-2017-2218",
      "@source": "NVD"
    },
    {
      "#text": "https://www.us-cert.gov/ncas/alerts/TA16-105A",
      "@id": "TA16-105A",
      "@source": "CERT-TA"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Installer of QuickTime for Windows may insecurely load Dynamic Link Libraries"
}