VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 14, 2011· Updated Apr 29, 2026

CVE-2011-0224

CVE-2011-0224

Description

A memory corruption vulnerability in CoreMedia on Mac OS X allows remote code execution via a crafted QuickTime movie file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in CoreMedia on Mac OS X allows remote code execution via a crafted QuickTime movie file.

Vulnerability

CoreMedia, a multimedia framework in Apple Mac OS X through 10.6.8, contains a memory corruption vulnerability when processing specially crafted QuickTime movie files. This issue affects Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, and OS X Lion Server v10.7 and v10.7.1 [1]. The vulnerability is triggered by parsing a malicious QuickTime file, leading to memory corruption.

Exploitation

An attacker can exploit this vulnerability by enticing a user to open a crafted QuickTime movie file, either via a web page, email attachment, or other means. No authentication is required; the attacker only needs to deliver the malicious file to the target system. The user interaction is required to open the file, which then triggers the memory corruption in CoreMedia.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the current user, or cause a denial of service (application crash). The impact is complete compromise of confidentiality, integrity, and availability of the affected system, as arbitrary code execution can lead to full system control.

Mitigation

Apple addressed this vulnerability in OS X Lion v10.7.2 and Security Update 2011-006 for Mac OS X v10.6.8 [1]. Users should update to the fixed versions via Software Update or Apple Downloads. No workarounds are documented; the only mitigation is to apply the security update.

References
  1. About the security content of OS X Lion v10.7.2 and Security Update 2011-006 - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

134
  • Apple Inc./Mac OS X67 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 66 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.6.8
    • cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*
    • (no CPE)range: <=10.6.8
  • Apple Inc./Mac OS X Server66 versions
    cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*+ 65 more
    • cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*range: <=10.6.8
    • cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*
  • Apple Inc./CoreMediallm-create
    Range: <=10.6.8

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.