CVE-2008-3635 – Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3635
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Indeo video codec. A lack of proper bounds checking within QuickTimeInternetExtras.qtx can result in a stack-based buffer overflow leading to arbitrary code execution under the context of the currently logged-in user.

References:
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
• http://secunia.com/advisories/31821
• http://securitytracker.com/id?1020841
• http://support.apple.com/kb/HT3027
• http://www.securityfocus.com/archive/1/496201/100/0/threaded
• http://www.securityfocus.com/bid/31086
• http://www.vupen.com/english/advisories/2008/2527
• http://www.zerodayinitiative.com/advisories/ZDI-08-057

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-3627 – Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3627
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of mov video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code under the context of the current user.

References:
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
• http://secunia.com/advisories/31821
• http://securitytracker.com/id?1020841
• http://support.apple.com/kb/HT3027
• http://www.securityfocus.com/archive/1/496163/100/0/threaded
• http://www.securityfocus.com/archive/1/496175/100/0/threaded
• http://www.securityfocus.com/archive/1/496176/100/0/threaded
• http://www.securityfocus.com/bid/31086
• http://www.vupen.com/english/advisories/2008/2527
• http://www.zer

CWE-399: Resource Management Errors

CVE-2008-3625 – Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3625
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of panorama track PDAT atoms. When the maxTilt, minFieldOfView and maxFieldOfView elements are corrupted, a stack buffer overflow occurs, which can be further leveraged to execute arbitrary code under the context of the current user.

References:
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
• http://secunia.com/advisories/31821
• http://securitytracker.com/id?1020841
• http://support.apple.com/kb/HT3027
• http://www.securityfocus.com/archive/1/496161/100/0/threaded
• http://www.securityfocus.com/bid/31086
• http://www.vupen.com/english/advisories/2008/2527
• http://www.zerodayinitiative.com/advisories/ZDI-08-058
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer