Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3662

Description

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in Apple QuickTime's QT Media Foundation allows remote code execution via crafted file.

Vulnerability

The vulnerability is a memory corruption issue in the QT Media Foundation component of Apple QuickTime before version 7.7.7, which is also used in OS X before version 10.10.4. The bug can be triggered by processing a specially crafted file. Affected versions include QuickTime 7.7.6 and earlier, and OS X Yosemite 10.10.3 and earlier [2].

Exploitation

An attacker can exploit this by delivering a maliciously crafted file to the target user, who must open it in QuickTime. No additional privileges are required; the attack is remote and user interaction is limited to opening the file. The exact exploitation steps are not disclosed, but the memory corruption can be leveraged for arbitrary code execution [2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the QuickTime process, potentially leading to full system compromise. Alternatively, it can cause a denial of service via application termination [2].

Mitigation

Apple addressed this issue in QuickTime 7.7.7 and OS X Yosemite 10.10.4. Users should update to these versions or later. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [2].

References

About the security content of QuickTime 7.7.7 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Quicktime2 versions
cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*range: <=7.7.6
- (no CPE)range: <7.7.7
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.3
Apple Inc./OS Xllm-fuzzy
Range: <10.10.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00005.htmlnvdPatchVendor Advisory
lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdVendor Advisory
support.apple.com/kb/HT204942nvdVendor Advisory
support.apple.com/kb/HT204947nvdVendor Advisory
www.securityfocus.com/bid/75493nvd
www.securitytracker.com/id/1032756nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000