CVE-2009-0188
https://notcve.org/view.php?id=CVE-2009-0188
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file. Apple QuickTime anterior a v7.6.2 permite a atacantes remotos ejecutar código de forma arbitraria o producir una denegación de servicio (corrupción de la memoria o caída de aplicación) a través de un una película manipulada compuesta de un fichero de vídeo de Sorenson 3. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://secunia.com/advisories/35091 http://secunia.com/secunia_research/2009-10 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/archive/1/504007/100/0/threaded http://www.securityfocus.com/bid/35159 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50886 https://oval.cisecurity.org/repository/search • CWE-399: Resource Management Errors •
CVE-2009-0956
https://notcve.org/view.php?id=CVE-2009-0956
Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero. Apple QuickTime anterior a v7.6.2 no inicializa adecuadamente la memoria antes de manejar ficheros de películas, lo que permite a atacantes remotos ejecutar código de forma arbitraria o producir una denegación de servicio (caída de aplicación) a través de una película que contenga unos datos de usuario de tamaño cero. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/bid/35162 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50896 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16188 • CWE-399: Resource Management Errors •
CVE-2009-0185
https://notcve.org/view.php?id=CVE-2009-0185
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. Desbordamiento de búfer basado en memoria dinámica en Apple QuickTime anterior a la v7.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de datos de audio codificados como MS ADPCM en un fichero de película AVI. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54879 http://secunia.com/advisories/35091 http://secunia.com/secunia_research/2009-6 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/archive/1/504006/100/0/threaded http://www.securityfocus.com/bid/35163 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50894 https://oval.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0951 – Apple Quicktime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability
https://notcve.org/view.php?id=CVE-2009-0951
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file. Desbordamiento de búfer basado en memoria dinámica (heap) en Apple QuickTime anterior a v7.6.2, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo de compresión FLC manipulado. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page. The specific flaw exists during decompression of a delta-encoded chunk. The algorithm to decompress the frame trusts a line specifier when calculating where to write decompressed data. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54878 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/bid/35161 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50887 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16098 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0953 – Apple Quicktime PICT Opcode 0x8201 Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0953
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Desbordamiento de búfer basado en memoria dinámica (heap) en Apple QuickTime anterior a v7.6.2, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x8201 QuickTime trusts a value contained in the file and makes an allocation accordingly. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html http://osvdb.org/54876 http://secunia.com/advisories/35091 http://support.apple.com/kb/HT3591 http://www.securityfocus.com/bid/35164 http://www.securitytracker.com/id?1022314 http://www.vupen.com/english/advisories/2009/1469 https://exchange.xforce.ibmcloud.com/vulnerabilities/50890 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15939 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •