CVE-2011-3252 – Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3252
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. Desbordamiento de búfer en CoreAudio, como el que se utiliza en iTunes de Apple anterior a v10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un envío de datos manipulado Advanced Audio Coding (AAC). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://osvdb.org/76381 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5130 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2809
https://notcve.org/view.php?id=CVE-2011-2809
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el usado en iTunes de Apple anterior a v10.5, permite que atacantes man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEs que figuran en APPLE-SA -2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70502 https://oval.cisecurity.org/repository/search/definition/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2341
https://notcve.org/view.php?id=CVE-2011-2341
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el usado en iTunes de Apple anterior a v10.5, permite que atacantes man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEs que figuran en APPLE-SA -2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2817
https://notcve.org/view.php?id=CVE-2011-2817
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en el iTunes Store. Una vulnerabilidad distinta a las de otros CVEs listados en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17208 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3236
https://notcve.org/view.php?id=CVE-2011-3236
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación del iTunes Store. Una vulnerabilidad distinta a las de otros CVEs listados en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76350 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70513 https://oval.cisecurity.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •