VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 14, 2011· Updated Apr 29, 2026

CVE-2011-3221

CVE-2011-3221

Description

QuickTime on Mac OS X before 10.7.2 mishandles atom hierarchy in movie files, enabling remote code execution via a crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

QuickTime on Mac OS X before 10.7.2 mishandles atom hierarchy in movie files, enabling remote code execution via a crafted file.

Vulnerability

QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files. An attacker can exploit this by crafting a malicious movie file that triggers a memory corruption when processed by QuickTime. Affected versions include OS X Lion v10.7 and v10.7.1, as well as earlier systems before the 10.7.2 update [1].

Exploitation

To exploit, an attacker must deliver a specially crafted movie file to the target user, typically via email, a website, or other means. The user must open the file in QuickTime or an application that uses QuickTime. No additional authentication or network privileges are required; the attack is triggered when the file is parsed [1][2].

Impact

Successful exploitation can lead to arbitrary code execution in the context of the logged-in user, or cause a denial of service (application crash). This could allow the attacker to take control of the affected system, install malware, or access sensitive data [1][2].

Mitigation

Apple addressed this issue in OS X Lion v10.7.2 and Security Update 2011-006, released on October 12, 2011 [1]. Users should update to these versions via Software Update or download the update from Apple's website. QuickTime 7.7.1 also includes a fix for this vulnerability [2]. No workarounds are documented.

References
  1. About the security content of OS X Lion v10.7.2 and Security Update 2011-006 - Apple Support
  2. About the security content of QuickTime 7.7.1 - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

137
  • Apple Inc./Mac OS X68 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 67 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.7.1
    • cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
  • Apple Inc./Mac OS X Server68 versions
    cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*+ 67 more
    • cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*range: <=10.7.1
    • cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
  • Apple Inc./Quicktimellm-fuzzy
    Range: <10.7.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.