Page 20 of 136 results (0.004 seconds)

CVSS: 9.3EPSS: 91%CPEs: 125EXPL: 1

CVE-2009-0955 – Apple QuickTime - Image Description Atom Sign Extension (PoC)

https://notcve.org/view.php?id=CVE-2009-0955

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue." Apple QuickTime v7.6.2, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una descripción imagen manipulada en un archivo de video Apple, relacionado con la "la firma de extensión". • https://www.exploit-db.com/exploits/8862 http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54874 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/bid/35166 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 5%CPEs: 127EXPL: 0

CVE-2009-0185

https://notcve.org/view.php?id=CVE-2009-0185

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. Desbordamiento de búfer basado en memoria dinámica en Apple QuickTime anterior a la v7.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de datos de audio codificados como MS ADPCM en un fichero de película AVI. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54879 http://secunia.com/advisories/35091 http://secunia.com/secunia_research/2009-6 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/archive/1/504006/100/0/threaded http://www.securityfocus.com/bid/35163 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50894 https://oval.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 4%CPEs: 127EXPL: 0

CVE-2009-0188

https://notcve.org/view.php?id=CVE-2009-0188

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file. Apple QuickTime anterior a v7.6.2 permite a atacantes remotos ejecutar código de forma arbitraria o producir una denegación de servicio (corrupción de la memoria o caída de aplicación) a través de un una película manipulada compuesta de un fichero de vídeo de Sorenson 3. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://secunia.com/advisories/35091 http://secunia.com/secunia_research/2009-10 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/archive/1/504007/100/0/threaded http://www.securityfocus.com/bid/35159 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50886 https://oval.cisecurity.org/repository/search • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 21%CPEs: 127EXPL: 1

CVE-2009-0951 – Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability

https://notcve.org/view.php?id=CVE-2009-0951

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file. Desbordamiento de búfer basado en memoria dinámica (heap) en Apple QuickTime anterior a v7.6.2, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo de compresión FLC manipulado. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page. The specific flaw exists during decompression of a delta-encoded chunk. The algorithm to decompress the frame trusts a line specifier when calculating where to write decompressed data. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54878 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/bid/35161 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50887 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16098 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 11%CPEs: 127EXPL: 0

CVE-2009-0952 – Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2009-0952

Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image. Desbordamiento de búfer en Apple QuickTime anterior a v7.6.2, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen PSD comprimida y manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a malformed .PSD image. While decoding the columns, rows and channels in the image header, the application trusts a different length for copying than used for allocating it. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54877 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/bid/35168 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •