CVE-2010-1818 – Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1818
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx ActiveX control. The plugin accepts a parameter named _Marshaled_pUnk that it uses as a valid pointer.
• https://www.exploit-db.com/exploits/14843
• https://www.exploit-db.com/exploits/16589
• http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html
• http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
• http://support.apple.com/kb/ht4339
• http://threatpost.com/en_us/blogs/new-remote-flaw-apple-quicktime-bypasses-aslr-and-dep-083010
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7523
• https://www.metasploit.com/redmi
• CWE-824: Access of Uninitialized Pointer

CVE-2010-1799 – Apple QuickTime 7.6.6 - Invalid SMIL URI Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-1799
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
• https://www.exploit-db.com/exploits/16558
• http://lists.apple.com/archives/security-announce/2010//Aug/msg00002.html
• http://support.apple.com/kb/HT4290
• http://www.securityfocus.com/bid/41962
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11800
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-0528 – Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0528
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed MediaVideo data from a sample description atom (STSD). The application will read a length from the file, subtract 1 and then use it as a counter for a loop.
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
• http://www.securityfocus.com/archive/1/510518/100/0/threaded
• http://www.zerodayinitiative.com/advisories/ZDI-10-042
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6989
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-0529 – Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0529
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the primary QuickTime.qts library when parsing the BkPixPat opcode (0x12) within a PICT file. The application multiplies 2 fields from the file and passes the result as an argument to an allocation. As both operands of the multiplication are user-controllable, specific values can cause an under-allocation, which will later result in a heap overflow.
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
• http://www.securityfocus.com/archive/1/510569/100/0/threaded
• http://www.zerodayinitiative.com/advisories/ZDI-10-067
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-0527
https://notcve.org/view.php?id=CVE-2010-0527
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7458
• CWE-189: Numeric Errors