CVSS: 9.3EPSS: 43%CPEs: 1EXPL: 0CVE-2008-3625 – Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3625
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms. Desbordamiento de búfer basado en pila en Apple QuickTime anterior 7.5.5, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación), mediante un fichero de película QuickTime Virtual Reality (QTVR) con los elementos manipulados (1) maxTilt, (2) minFieldOfView y (3) maxFieldOfView en las pistas panorama de los átomos PDAT. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of panorama track PDAT atoms. When the maxTilt, minFieldOfView and maxFieldOfView elements are corrupted, a stack buffer overflow occurs which can be further leveraged to execute arbitrary code under the context of the current user. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://secunia.com/advisories/31821 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://www.securityfocus.com/archive/1/496161/100/0/threaded http://www.securityfocus.com/bid/31086 http://www.vupen.com/english/advisories/2008/2527 http://www.zerodayinitiative.com/advisories/ZDI-08-058 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 29EXPL: 0CVE-2008-1739
https://notcve.org/view.php?id=CVE-2008-1739
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. Apple QuickTime versiones anteriores a 7.4.5 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de átomos ftyp manipulados en un fichero de película, lo cual dispara una corrupción de memoria. • http://support.apple.com/kb/HT1241 https://exchange.xforce.ibmcloud.com/vulnerabilities/45144 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 0CVE-2008-1581
https://notcve.org/view.php?id=CVE-2008-1581
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.5 sobre Windows, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un paquete de "scanlines" manipulado un las estructuras de PixData en una imagen PICT. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://secunia.com/secunia_research/2008-9/advisory http://support.apple.com/kb/HT1991 http://www.securityfocus.com/archive/1/493225/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29649 http://www.securitytracker.com/id?1020213 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1583
https://notcve.org/view.php?id=CVE-2008-1583
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de una imagen PICT. Vulnerabilidad distinta de CVE-2008-1581. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29648 http://www.securitytracker.com/id?1020215 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42945 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 0CVE-2008-1582
https://notcve.org/view.php?id=CVE-2008-1582
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. Vulnerabilidad no especificada en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un archivo de ACC-encodec que genera una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29654 http://www.securitytracker.com/id?1020214 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42944 • CWE-399: Resource Management Errors •