CVE-2008-1582
https://notcve.org/view.php?id=CVE-2008-1582
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. Vulnerabilidad no especificada en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un archivo de ACC-encodec que genera una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29654 http://www.securitytracker.com/id?1020214 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42944 • CWE-399: Resource Management Errors •
CVE-2008-1583
https://notcve.org/view.php?id=CVE-2008-1583
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de una imagen PICT. Vulnerabilidad distinta de CVE-2008-1581. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29648 http://www.securitytracker.com/id?1020215 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42945 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1584 – Apple QuickTime Indeo Video Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1584
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un contenido "Indeo video codec" manipulado. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Quicktime files that utilize the Indeo video codec. A lack of proper bounds checking within Indeo.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/archive/1/493247/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29652 http://www.securitytracker.com/id?1020216 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references http://www.zerodayinitiative.com/advisor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1585 – Apple QuickTime SMIL qtnext Redirect File Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-1585
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. Apple QuickTime anterior a 7.5 permite a atacantes remotos ejecutar programas de su elección a través de un archivo manipulado: URLs. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of SMIL text embedded in video formats. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://secunia.com/advisories/31034 http://support.apple.com/kb/HT1991 http://www.kb.cert.org/vuls/id/132419 http://www.securityfocus.com/archive/1/493248/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29650 http://www.securitytracker.com/id?1020217& • CWE-20: Improper Input Validation •