VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 14, 2011· Updated Apr 29, 2026

CVE-2011-3228

CVE-2011-3228

Description

A memory corruption flaw in QuickTime on Mac OS X before 10.7.2 allows remote code execution via a crafted movie file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption flaw in QuickTime on Mac OS X before 10.7.2 allows remote code execution via a crafted movie file.

Vulnerability

CVE-2011-3228 is a memory corruption vulnerability in Apple QuickTime, present in Mac OS X versions before 10.7.2. The flaw is triggered when QuickTime processes a specially crafted movie file. The issue affects QuickTime as bundled with Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, and OS X Lion Server v10.7 and v10.7.1 [1]. A separate QuickTime 7.7.1 update for Windows also addresses this CVE [2].

Exploitation

Exploitation requires an attacker to convince a user to open a malicious movie file, either by hosting it on a website or delivering it via email or other means. No authentication or special network position is required beyond the ability to deliver the crafted file to the target. The vulnerability is triggered when QuickTime parses the malformed file, leading to memory corruption.

Impact

Successful exploitation allows an attacker to execute arbitrary code on the victim's system with the privileges of the current user, or cause a denial-of-service (application crash). This can lead to full compromise of the affected Mac system.

Mitigation

Apple addressed this vulnerability in OS X Lion v10.7.2 and Security Update 2011-006, which were released on October 12, 2011 [1]. For Windows, QuickTime 7.7.1 was released to fix the issue [2]. Users should apply these updates immediately. No workarounds are documented if patches cannot be applied.

References
  1. About the security content of OS X Lion v10.7.2 and Security Update 2011-006 - Apple Support
  2. About the security content of QuickTime 7.7.1 - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

137
  • Apple Inc./Mac OS X68 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 67 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.7.1
    • cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
  • Apple Inc./Mac OS X Server68 versions
    cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*+ 67 more
    • cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*range: <=10.7.1
    • cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
  • Apple Inc./Quicktimellm-fuzzy
    Range: <10.7.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.