CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 1CVE-2008-5406 – Apple iTunes 8.0.2.20/QuickTime 7.5.5 - '.mov' Multiple Off By Overflows (PoC)
https://notcve.org/view.php?id=CVE-2008-5406
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." Desbordamiento de búfer basado en pila en Apple QuickTime Player 7.5.5 e iTunes 8.0.2.20, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y probablemente la ejecución de código de su elección a través de un archivo MOV con "una argumento largo". Relacionado con un "error de superación de límite (off-by-one)". • https://www.exploit-db.com/exploits/7296 http://securityreason.com/securityalert/4704 http://www.securityfocus.com/bid/32540 https://exchange.xforce.ibmcloud.com/vulnerabilities/46984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 1CVE-2008-4116 – Apple QuickTime 7.5.5 / iTunes 8.0 - Remote Off-by-One Crash
https://notcve.org/view.php?id=CVE-2008-4116
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. Un desbordamiento del búfer en QuickTime versión 7.5.5 y iTunes versión 8.0, de Apple, permite a los atacantes remotos causar una denegación de servicio (bloqueo del navegador) o posiblemente ejecutar código arbitrario por medio de un atributo type largo en una etiqueta de quicktime (1) en una página web o insertado en un archivo ( 2) .mp4 o (3) .mov, posiblemente relacionado con la función Check_stack_cookie y un error por un paso que conduce a un desbordamiento del búfer en la región heap de la memoria. • https://www.exploit-db.com/exploits/6471 http://securityreason.com/securityalert/4270 http://www.securityfocus.com/bid/31212 https://exchange.xforce.ibmcloud.com/vulnerabilities/45311 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5936 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7995 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 43EXPL: 0CVE-2008-3636
https://notcve.org/view.php?id=CVE-2008-3636
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. Desbordamiento de entero en un driver de terceros no especificado incluido en Apple iTunes anterior a la 8.0 para Windows, permite a usuarios locales obtener privilegios a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html http://securitytracker.com/id?1020839 http://support.apple.com/kb/HT3025 http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf http://www.kb.cert.org/vuls/id/146896 http://www.securityfocus.com/archive/1/497131/100/0/threaded http://www.securityfocus.com/bid/31089 http://www.securitytracker.com/id?1020997 http:& • CWE-189: Numeric Errors •
CVSS: 2.6EPSS: 0%CPEs: 47EXPL: 0CVE-2008-3634
https://notcve.org/view.php?id=CVE-2008-3634
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. Aplicación Itunes anterior a la v8 sobre Mac OS X 10.4.11, cuando iTunes Sharing se encuentra habilitado pero bloqueado por el cortafuegos del sistema, muestra información falsa (engañosa) sobre la seguridad del cortafuegos. Esto podría ser aprovechado por atacantes remotos. El administrador no obviaría esta cuestión si se le diera mejor información al respecto. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html http://securitytracker.com/id?1020840 http://www.securityfocus.com/bid/31090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2008-3434
https://notcve.org/view.php?id=CVE-2008-3434
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple iTunes anterior a versión 10.5.1, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio de una actualización de tipo caballo de troya, como es demostrado por el evilgrade y el envenenamiento de la caché de DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://lists.apple.com/archives/Security-announce/2011/Nov/msg00003.html http://support.apple.com/kb/HT5030 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17136 • CWE-94: Improper Control of Generation of Code ('Code Injection') •