CVSS: 9.3EPSS: 4%CPEs: 52EXPL: 0CVE-2010-3800 – Apple QuickTime PICT directBitsRect Pack3 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3800
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. Apple QuickTime anterior v7.6.9 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída aplicación) a través de un fichero PICT manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses directBitsRect records within a .pict file. When decompressing data within this structure, the application will allocate space for the target buffer using fields described within the file and then use a different length to decompress the total data from the file. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=882 http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://osvdb.org/69754 http://support.apple.com/kb/HT4447 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-261 http://zerodayinitiative.com/advisories/ZDI-10-262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15859 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 52EXPL: 0CVE-2010-3801 – Apple QuickTime FPX Subimage Count Out-of-bounds Counter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3801
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. Apple QuickTime en versiones anteriores a la 7.6.9 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante un fichero FlashPix manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required in that a user must be coerced into opening up a malicious document or visiting a malicious website. The specific flaw exists within the way the application parses a particular property out of a flashpix file. The application will explicitly trust a field in the property as a length for a loop over an array of data structures. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://osvdb.org/69755 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-259 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 52EXPL: 0CVE-2010-3802 – Apple QuickTime Panorama Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3802
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. Error de presencia de signo (signedness) de entero en Apple QuickTime anterior v7.6.9 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un atom panorama manipulado en un fichero QuickTime Virtual Reality (QTVR) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple's support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will write proceed to write image data to the invalid location. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://osvdb.org/69756 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16105 • CWE-189: Numeric Errors •