CVSS: 9.3EPSS: 9%CPEs: 32EXPL: 0CVE-2011-0252 – Apple QuickTime STTS atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0252
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file. Desbordamiento de buffer basado en memoria dinámica en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de atoms STTS modificados en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid Sample Duration values in the Time-To-Sample atoms. This value is used in the calculation of a loop counter. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://support.apple.com/kb/HT5002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15884 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 9%CPEs: 60EXPL: 0CVE-2011-0249 – Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0249
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file. Desbordamiento de buffer basado en memoria dinámica en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de atoms STSC modificados en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles the Sample-to-Chunks table in media files with 'twos' audio codec. If a value for 'samples per chunk' is bigger than 8 times the sample rate from the 'Sample Description Atom' it will cause a buffer overflow during the parsing of the atom sample table. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://support.apple.com/kb/HT5002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 9%CPEs: 60EXPL: 0CVE-2011-0250 – Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0250
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file. Desbordamiento de buffer basado en memoria dinámica en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de atoms STTS modificados en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid values in the Sync Sample Atom. Due to a signed compare instead of an unsigned compare it is possible to corrupt the Sample Atom Table. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://support.apple.com/kb/HT5002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 58EXPL: 0CVE-2011-0246
https://notcve.org/view.php?id=CVE-2011-0246
Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. Desbordamiento de buffer basado en memoria dinámica en Apple QuickTime en versiones anteriores a 7.7 en Windows permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un archivo GIF modificado. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15681 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 32EXPL: 0CVE-2011-0245
https://notcve.org/view.php?id=CVE-2011-0245
Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file. Desbordamiento de buffer en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un archivo pict modificado. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15755 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •