CVSS: 9.3EPSS: 9%CPEs: 32EXPL: 0CVE-2011-0252 – Apple QuickTime STTS atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0252
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file. Desbordamiento de buffer basado en memoria dinámica en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de atoms STTS modificados en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid Sample Duration values in the Time-To-Sample atoms. This value is used in the calculation of a loop counter. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://support.apple.com/kb/HT5002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15884 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 59EXPL: 0CVE-2011-0248 – Apple Quicktime Media Link src Parameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0248
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file. Desbordamiento de buffer de pila en el control ActiveX de QuickTime de Apple QuickTime en versiones anteriores a la 7.7 en Windows. Cuando se utiliza Internet Explorer, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de archivo QTL modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime parses Quicktime Media Link (.qtl) files. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 0CVE-2011-0209 – Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0209
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. Desbordamiento de entero en QuickTime para Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de aplicación) a través de un archivo WAV RIFF hecho a mano. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted RIFF WAV file. When parsing a fmt chunk within the file, the application will use a 32-bit field to calculate the size of a buffer to allocate. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 1%CPEs: 18EXPL: 0CVE-2011-0210
https://notcve.org/view.php?id=CVE-2011-0210
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. QuickTime para Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por corrupción de memoria y caída de aplicación) a través de tablas de ejemplo hechas a mano en un archivo de película. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 http://www.securityfocus.com/bid/48442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 0CVE-2011-0211 – Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0211
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Desbordamiento de entero en QuickTime en Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de un archivo de película hecho a mano. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles Apple Lossless Audio Codec streams. While parsing the sample description for the 'alac' codec an integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 • CWE-189: Numeric Errors •