CVE-2013-1024 : CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Published 2013-06-05 14:39:56

Updated 2014-01-28 04:51:00

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Input validationExecute codeDenial of service

Products affected by CVE-2013-1024

Apple » Mac Os X
Versions up to, including, (<=) 10.8.3
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.0
cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.1
cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.2
cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.3
cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.4
cpe:2.3:o:apple:mac_os_x:10.7.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.8.1
cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.8.0
cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.5
cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.8.2
cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.0
cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.1
cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.2
cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.4
cpe:2.3:o:apple:mac_os_x_server:10.7.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.3
cpe:2.3:o:apple:mac_os_x_server:10.7.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.5
cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-1024

EPSS FAQ

0.90%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-1024

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-1024

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1024

http://support.apple.com/kb/HT5784

About the security content of OS X Mountain Lion v10.8.4 and Security Update 2013-002 - Apple Support
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
http://support.apple.com/kb/HT6001

About the security content of iTunes 11.1.4 - Apple Support

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html

Apple - Lists.apple.com

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-1024

Products affected by CVE-2013-1024

Exploit prediction scoring system (EPSS) score for CVE-2013-1024

CVSS scores for CVE-2013-1024

CWE ids for CVE-2013-1024

References for CVE-2013-1024