CVSS: 6.8 | EPSS: 56% | CPEs: 4 | EXPL: 0

Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. • http://lists.apple.com/archives/security-announce/2006/May/msg00002.html http://secunia.com/advisories/20069 http://securitytracker.com/id?1016067 http://www.eeye.com/html/research/upcoming/20060307b.html http://www.kb.cert.org/vuls/id/570689 http://www.securityfocus.com/archive/1/433831/100/0/threaded http://www.securityfocus.com/archive/1/433850/100/0/threaded http://www.securityfocus.com/bid/17074 http://www.us-cert.gov/cas/techalerts/TA06-132B.html http://www& • CWE-189: Numeric Errors •

CVSS: 7.5 | EPSS: 95% | CPEs: 2 | EXPL: 0

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. • http://docs.info.apple.com/article.html?artnum=303101 http://secunia.com/advisories/18149 http://secunia.com/advisories/18370 http://security-protocols.com/advisory/sp-x21-advisory.txt http://securityreason.com/securityalert/334 http://securityreason.com/securityalert/336 http://securitytracker.com/id?1015356 http://securitytracker.com/id?1015396 http://securitytracker.com/id?1015397 http://www.eeye.com/html/research/upcoming/20051117a.html http://www.eeye.com/html/research/upcoming/2005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2 | EPSS: 0% | CPEs: 2 | EXPL: 0

Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. • http://securitytracker.com/id?1015222 http://www.idefense.com/application/poi/display?id=340&type=vulnerabilities http://www.vupen.com/english/advisories/2005/2443 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5 | EPSS: 3% | CPEs: 5 | EXPL: 0

Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. • http://docs.info.apple.com/article.html?artnum=301596 http://lists.apple.com/archives/security-announce/2005/May/msg00003.html http://secunia.com/advisories/15310 http://securitytracker.com/id?1013927 http://www.ngssoftware.com/advisories/itunes.txt http://www.osvdb.org/16243 http://www.securityfocus.com/bid/13565 http://www.vupen.com/english/advisories/2005/0504 https://exchange.xforce.ibmcloud.com/vulnerabilities/20498 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg •

CVSS: 7.5 | EPSS: 18% | CPEs: 1 | EXPL: 3

Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. • https://www.exploit-db.com/exploits/758 https://www.exploit-db.com/exploits/16562 http://lists.apple.com/archives/security-announce/2005/Jan/msg00000.html http://secunia.com/advisories/13804 http://securitytracker.com/id?1012839 http://www.idefense.com/application/poi/display?id=180&type=vulnerabilities http://www.kb.cert.org/vuls/id/377368 http://www.osvdb.org/12833 http://www.securityfocus.com/bid/12238 https://exchange.xforce.ibmcloud.com/vulnerabilities/18851 •