CVE-2008-3615
https://notcve.org/view.php?id=CVE-2008-3615
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. El archivo ir50_32.qtx en un códec no especificado de terceros de Indeo versión v5 para QuickTime, cuando se utiliza con Apple QuickTime anterior a versión 7.5.5 en Windows, accede a la memoria no inicializada, lo que permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un archivo de película creado. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://secunia.com/advisories/31821 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec http://www.securityfocus.com/archive/1/496358/100/0/threaded http://www.securityfocus.com/bid/31086 http://www.vupen.com/english/advisories/2008/2527 • CWE-399: Resource Management Errors •
CVE-2008-3614
https://notcve.org/view.php?id=CVE-2008-3614
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. Desbordamiento de entero en Apple QuickTime anterior 7.5.5 sobre Windows, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada que lanza un corrupción de montículo (heap). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744 http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31821 http://secunia.com/advisories/31882 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://support.apple.com/kb/HT3137 http://www.securityfocus.com/bid/31086 http://www.securitytracker.com/id?1020879 • CWE-189: Numeric Errors •
CVE-2008-3635 – Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3635
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Desbordamiento de búfer basado en pila en QuickTimeInternetExtras.qtx en un codec de Indeo v3.2 (también conocido como IV32) de terceros que no se ha especificado y que es para QuickTime, cuando se utiliza con Apple QuickTime anterior a 7.5.5 en Windows; permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de película manipulado. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Indeo video codec. A lack of proper bounds checking within QuickTimeInternetExtras.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://secunia.com/advisories/31821 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://www.securityfocus.com/archive/1/496201/100/0/threaded http://www.securityfocus.com/bid/31086 http://www.vupen.com/english/advisories/2008/2527 http://www.zerodayinitiative.com/advisories/ZDI-08-057 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3627 – Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3627
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. Apple QuickTime anterior a 7.5.5 , no maneja adecuadamente (1) los átomos MDAT de los ficheros de vídeo MP4 en QuickTimeH264.qtx, (2) los átomos MDAT de los ficheros mov de vídeo en QuickTimeH264.scalar y (3) los átomos AVC1 en un tipo de medio desconocido de un componente no especificado; esto permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de la cabecera y caída de la aplicación) a través de un fichero de película manipulado y codificado con H.264. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of mov video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code under the context of the current user. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://secunia.com/advisories/31821 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://www.securityfocus.com/archive/1/496163/100/0/threaded http://www.securityfocus.com/archive/1/496175/100/0/threaded http://www.securityfocus.com/archive/1/496176/100/0/threaded http://www.securityfocus.com/bid/31086 http://www.vupen.com/english/advisories/2008/2527 http://www.zer • CWE-399: Resource Management Errors •
CVE-2008-3626 – Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3626
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. La función CallComponentFunctionWithStorage en Apple QuickTime anterior a 7.5.5 no maneja adecuadamente una entrada larga en el sample_size_table en "átomos" STSZ, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo de película modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of STSZ atoms within the function CallComponentFunctionWithStorage(). When an entry in the sample_size_table is too large, a memory corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html http://marc.info/?l=bugtraq&m=122099929821288&w=2 http://secunia.com/advisories/31821 http://secunia.com/advisories/32121 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://support.apple.com/kb/HT3189 http://www.securityfocus.com/bid/31086 http://www.securityfocus.com/bid/31546 http://www.vup • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •