CVSS: 9.3 | EPSS: 1% | CPEs: 130 | EXPL: 0

Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html http://support.apple.com/kb/HT3859 http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36328 http://www.vupen.com/english/advisories/2009/3184 https://exchange.xforce.ibmcloud.com/vulnerabilities/53127 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5467

CVSS: 9.3 | EPSS: 59% | CPEs: 131 | EXPL: 0

Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed FlashPix (.fpx) files. While parsing the SectorShift and cSectFat fields from the header, the application will multiply 2 user-controlled 32-bit values and utilize this for an allocation.
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html http://support.apple.com/kb/HT3859 http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36328 http://www.vupen.com/english/advisories/2009/3184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6258
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 59% | CPEs: 131 | EXPL: 0

Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header.
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html http://support.apple.com/kb/HT3859 http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36328 http://www.vupen.com/english/advisories/2009/3184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6405
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 89% | CPEs: 125 | EXPL: 1

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
• https://www.exploit-db.com/exploits/8862 http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54874 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/bid/35166 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 | EPSS: 4% | CPEs: 127 | EXPL: 0

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.
• http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://secunia.com/advisories/35091 http://secunia.com/secunia_research/2009-10 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/archive/1/504007/100/0/threaded http://www.securityfocus.com/bid/35159 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50886 https://oval.cisecurity.org/repository/search
• CWE-399: Resource Management Errors