CVSS: 10.0EPSS: 7%CPEs: 54EXPL: 0CVE-2010-1508 – Apple QuickTime 3GP Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1508
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms. Desbordamiento de búfer basado en memoria dinámica en Apple QuickTime anterior v7.6.9 en Windows permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través del delTrack Header manipualdo (conocido como tkhd). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Quicktime.qts module responsible for parsing media files. While handling 3GP streams a function within this module a loop trusts a value directly from the media file and uses it during memory copy operations. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://secunia.com/secunia_research/2010-72 http://support.apple.com/kb/HT4447 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-258 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15625 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 52EXPL: 0CVE-2010-3800 – Apple QuickTime PICT directBitsRect Pack3 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3800
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. Apple QuickTime anterior v7.6.9 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída aplicación) a través de un fichero PICT manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses directBitsRect records within a .pict file. When decompressing data within this structure, the application will allocate space for the target buffer using fields described within the file and then use a different length to decompress the total data from the file. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=882 http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://osvdb.org/69754 http://support.apple.com/kb/HT4447 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-261 http://zerodayinitiative.com/advisories/ZDI-10-262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15859 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 52EXPL: 0CVE-2010-3801 – Apple QuickTime FPX Subimage Count Out-of-bounds Counter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3801
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. Apple QuickTime en versiones anteriores a la 7.6.9 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante un fichero FlashPix manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required in that a user must be coerced into opening up a malicious document or visiting a malicious website. The specific flaw exists within the way the application parses a particular property out of a flashpix file. The application will explicitly trust a field in the property as a length for a loop over an array of data structures. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://osvdb.org/69755 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-259 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 52EXPL: 0CVE-2010-3802 – Apple QuickTime Panorama Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3802
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. Error de presencia de signo (signedness) de entero en Apple QuickTime anterior v7.6.9 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un atom panorama manipulado en un fichero QuickTime Virtual Reality (QTVR) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple's support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will write proceed to write image data to the invalid location. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://osvdb.org/69756 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4581 http://www.securitytracker.com/id?1024830 http://zerodayinitiative.com/advisories/ZDI-10-260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16105 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 8%CPEs: 12EXPL: 0CVE-2010-3790 – Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3790
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. QuickTime en Apple Mac OS X V10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída aplicación) a través de un archivo de película manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a Matrix structure within a particular opcode embedded within a .pict file. When using this Matrix structure to transform image data, the application will miscalculate an index to represent a row of an object. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4447 http://support.apple.com/kb/HT4723 http://www.securityfocus.com/bid/44794 http://www.securitytracker.com/id?1024729 http://www.zerodayinitiative.com/advisories/ZDI-11-038 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •