CVE-2012-0671
https://notcve.org/view.php?id=CVE-2012-0671
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file. Apple QuickTime antes de v7.7.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo malicioso .pict • http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5501 http://www.securityfocus.com/bid/53584 http://www.securitytracker.com/id?1027065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15219 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-3247 – Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3247
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file. Desbordamiento de entero en Apple QuickTime anterior a v7.7.1 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo PICT creado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specific opcode within a PCT file. When resizing a heap buffer, the application will use a signed word read from the file to calculate the resulting size. • http://support.apple.com/kb/HT5016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16071 • CWE-189: Numeric Errors •
CVE-2011-3251 – Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3251
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file. Apple QuickTime anterior a v7.7.1 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de los átomos TKHD creado en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. • http://support.apple.com/kb/HT5016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0256 – Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0256
Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file. Desbordamiento de entero en Apple QuickTime anterior a v7.7 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un track run atoms manipulado en el fichero de una película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles the 'trun' atom. Quicktime uses user supplied data in the 'sampleCount' field to calculate a buffer size. • http://support.apple.com/kb/HT4826 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16097 • CWE-189: Numeric Errors •
CVE-2011-0257 – Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0257
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow. Error de signo de entero en Apple QuickTime anterior a v7.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un código de operación PnSize manipulado en un archivo PICT provocando un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value. • https://www.exploit-db.com/exploits/17777 http://securityreason.com/securityalert/8365 http://support.apple.com/kb/HT4826 http://www.exploit-db.com/exploits/17777 http://zerodayinitiative.com/advisories/ZDI-11-252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059 • CWE-189: Numeric Errors •