CVE-2011-0245
https://notcve.org/view.php?id=CVE-2011-0245
Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file. Desbordamiento de buffer en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un archivo pict modificado. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15755 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0251 – Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0251
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file. Desbordamiento de buffer basado en memoria dinámica en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de atoms STSZ en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles corrupt Sample Size atoms. When the value for 'Number of Entries' in this atom differs from the 'Number of Entries' in the Time-To-Sample atom, Quicktime will fill the Atom Sample Table with uninitialized data read from memory. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://support.apple.com/kb/HT5002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16143 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0247 – Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0247
Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie. Múltiples desbordamientos de buffer de la pila en Apple QuickTime en versiones anteriores a la 7.7 en Windows permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través una película H.264 modificada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16186 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4009
https://notcve.org/view.php?id=CVE-2010-4009
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Desbordamiento de enteros en Apple QuickTime anterior v7.6.9 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un fichero película manipulado. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16218 • CWE-189: Numeric Errors •
CVE-2010-0530
https://notcve.org/view.php?id=CVE-2010-0530
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. Apple QuickTime anterior v7.6.9 en Windows establece permisos débiles para el directorio de Apple en el perfil de la cuenta de usuario, lo que permite a usuarios locales obtener inforamción sensible por lectura de ficheros en este directorio. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://support.apple.com/kb/HT4447 http://www.securitytracker.com/id?1024829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16036 • CWE-264: Permissions, Privileges, and Access Controls •