Page 183 of 914 results (0.006 seconds)

CVSS: 7.5EPSS: 94%CPEs: 2EXPL: 0

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. • http://docs.info.apple.com/article.html?artnum=303101 http://secunia.com/advisories/18149 http://secunia.com/advisories/18370 http://security-protocols.com/advisory/sp-x21-advisory.txt http://securityreason.com/securityalert/334 http://securityreason.com/securityalert/336 http://securitytracker.com/id?1015356 http://securitytracker.com/id?1015396 http://securitytracker.com/id?1015397 http://www.eeye.com/html/research/upcoming/20051117a.html http://www.eeye.com/html/research/upcoming/2005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. • http://securitytracker.com/id?1015222 http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities http://www.vupen.com/english/advisories/2005/2443 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 0

Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. • http://docs.info.apple.com/article.html?artnum=301596 http://lists.apple.com/archives/security-announce/2005/May/msg00003.html http://secunia.com/advisories/15310 http://securitytracker.com/id?1013927 http://www.ngssoftware.com/advisories/itunes.txt http://www.osvdb.org/16243 http://www.securityfocus.com/bid/13565 http://www.vupen.com/english/advisories/2005/0504 https://exchange.xforce.ibmcloud.com/vulnerabilities/20498 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg •

CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 3

Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. • https://www.exploit-db.com/exploits/758 https://www.exploit-db.com/exploits/16562 http://lists.apple.com/archives/security-announce/2005/Jan/msg00000.html http://secunia.com/advisories/13804 http://securitytracker.com/id?1012839 http://www.idefense.com/application/poi/display?id=180&type=vulnerabilities http://www.kb.cert.org/vuls/id/377368 http://www.osvdb.org/12833 http://www.securityfocus.com/bid/12238 https://exchange.xforce.ibmcloud.com/vulnerabilities/18851 •