CVE-2011-3249 – Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3249
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding. Desbordamiento de búfer en Apple QuickTime anterior a v7.7.1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película creado con la codificación de FLC. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5016 http://support.apple.com/kb/HT5130 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16130 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3251 – Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3251
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file. Apple QuickTime anterior a v7.7.1 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de los átomos TKHD creado en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. • http://support.apple.com/kb/HT5016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0258 – Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0258
Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file. Apple QuickTime anterior a v7.7 en Windows permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una descripción de la imagen manipulada asociada a una etiqueta mp4v en un archivo de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles 'mp4v' codec information. When parsing the video description table it will read the size field preceding the 'mp4v' tag and use that size to create an allocation to hold the data. • http://securityreason.com/securityalert/8368 http://support.apple.com/kb/HT4826 http://www.securityfocus.com/archive/1/519483/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-11-277 https://exchange.xforce.ibmcloud.com/vulnerabilities/69518 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15671 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0256 – Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0256
Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file. Desbordamiento de entero en Apple QuickTime anterior a v7.7 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un track run atoms manipulado en el fichero de una película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles the 'trun' atom. Quicktime uses user supplied data in the 'sampleCount' field to calculate a buffer size. • http://support.apple.com/kb/HT4826 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16097 • CWE-189: Numeric Errors •
CVE-2011-0257 – Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0257
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow. Error de signo de entero en Apple QuickTime anterior a v7.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un código de operación PnSize manipulado en un archivo PICT provocando un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value. • https://www.exploit-db.com/exploits/17777 http://securityreason.com/securityalert/8365 http://support.apple.com/kb/HT4826 http://www.exploit-db.com/exploits/17777 http://zerodayinitiative.com/advisories/ZDI-11-252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059 • CWE-189: Numeric Errors •