CVE-2010-3800 – Apple QuickTime PICT directBitsRect Pack3 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3800
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in how the application parses directBitsRect records within a .pict file. When decompressing data within this structure, the application allocates space for the target buffer using fields described within the file and then uses a different length to decompress the total data from the file.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=882 http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://osvdb.org/69754 http://support.apple.com/kb/HT4447 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-261 http://zerodayinitiative.com/advisories/ZDI-10-262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15859
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3802 – Apple QuickTime Panorama Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3802
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple's support for Panoramic Images and occurs because the application trusts a particular field when calculating an offset. Because the field is treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. When this out-of-bounds pointer is used, the application proceeds to write image data to the invalid location.
• http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://osvdb.org/69756 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16105
• CWE-189: Numeric Errors
CVE-2010-1508 – Apple QuickTime 3GP Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1508
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Quicktime.qts module responsible for parsing media files. While handling 3GP streams, a loop in a function within this module trusts a value taken directly from the media file and uses it during memory copy operations.
• http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://secunia.com/secunia_research/2010-72 http://support.apple.com/kb/HT4447 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-258 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15625
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3801 – Apple QuickTime FPX Subimage Count Out-of-bounds Counter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3801
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a user must be coerced into opening a malicious document or visiting a malicious website. The specific flaw exists in the way the application parses a particular property out of a FlashPix file. The application explicitly trusts a field in the property as the length for a loop over an array of data structures.
• http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://osvdb.org/69755 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-259 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15642
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1818 – Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1818
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx ActiveX control. The plugin accepts a parameter named _Marshaled_pUnk that it uses as a valid pointer.
• https://www.exploit-db.com/exploits/14843 https://www.exploit-db.com/exploits/16589 http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1 http://support.apple.com/kb/ht4339 http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523 https://www.metasploit.com/redmi
• CWE-824: Access of Uninitialized Pointer