CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 0CVE-2008-3627 – Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3627
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. Apple QuickTime anterior a 7.5.5 , no maneja adecuadamente (1) los átomos MDAT de los ficheros de vídeo MP4 en QuickTimeH264.qtx, (2) los átomos MDAT de los ficheros mov de vídeo en QuickTimeH264.scalar y (3) los átomos AVC1 en un tipo de medio desconocido de un componente no especificado; esto permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de la cabecera y caída de la aplicación) a través de un fichero de película manipulado y codificado con H.264. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of mov video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code under the context of the current user. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://secunia.com/advisories/31821 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://www.securityfocus.com/archive/1/496163/100/0/threaded http://www.securityfocus.com/archive/1/496175/100/0/threaded http://www.securityfocus.com/archive/1/496176/100/0/threaded http://www.securityfocus.com/bid/31086 http://www.vupen.com/english/advisories/2008/2527 http://www.zer • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 29EXPL: 0CVE-2008-1739
https://notcve.org/view.php?id=CVE-2008-1739
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. Apple QuickTime versiones anteriores a 7.4.5 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de átomos ftyp manipulados en un fichero de película, lo cual dispara una corrupción de memoria. • http://support.apple.com/kb/HT1241 https://exchange.xforce.ibmcloud.com/vulnerabilities/45144 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 0CVE-2008-1582
https://notcve.org/view.php?id=CVE-2008-1582
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. Vulnerabilidad no especificada en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un archivo de ACC-encodec que genera una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29654 http://www.securitytracker.com/id?1020214 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42944 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1583
https://notcve.org/view.php?id=CVE-2008-1583
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de una imagen PICT. Vulnerabilidad distinta de CVE-2008-1581. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29648 http://www.securitytracker.com/id?1020215 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42945 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 0CVE-2008-1581
https://notcve.org/view.php?id=CVE-2008-1581
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.5 sobre Windows, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un paquete de "scanlines" manipulado un las estructuras de PixData en una imagen PICT. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://secunia.com/secunia_research/2008-9/advisory http://support.apple.com/kb/HT1991 http://www.securityfocus.com/archive/1/493225/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29649 http://www.securitytracker.com/id?1020213 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •