CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 0CVE-2011-0211 – Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0211
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Desbordamiento de entero en QuickTime en Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de un archivo de película hecho a mano. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles Apple Lossless Audio Codec streams. While parsing the sample description for the 'alac' codec an integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4723 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0187
https://notcve.org/view.php?id=CVE-2011-0187
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. La extensión de QuickTime en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos evitar la política del mismo origen y obtener datos de video potencialmente sensibles a través de vectores que implican redirección de sitios cruzados. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 16EXPL: 0CVE-2011-0186
https://notcve.org/view.php?id=CVE-2011-0186
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. QuickTime en Apple Mac OS X anterior a v10.6.7 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) a través de una imagen JPEG2000 manipulada • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 52EXPL: 0CVE-2010-4009
https://notcve.org/view.php?id=CVE-2010-4009
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Desbordamiento de enteros en Apple QuickTime anterior v7.6.9 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un fichero película manipulado. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16218 • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 54EXPL: 0CVE-2010-0530
https://notcve.org/view.php?id=CVE-2010-0530
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. Apple QuickTime anterior v7.6.9 en Windows establece permisos débiles para el directorio de Apple en el perfil de la cuenta de usuario, lo que permite a usuarios locales obtener inforamción sensible por lectura de ficheros en este directorio. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://support.apple.com/kb/HT4447 http://www.securitytracker.com/id?1024829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16036 • CWE-264: Permissions, Privileges, and Access Controls •