CVSS: 6.8EPSS: 26%CPEs: 1EXPL: 0CVE-2008-1018 – Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1018
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. Desbordamiento de búfer basado en montículo en Apple QuickTime antes de 7.4.5 permite a atacantes remotos ejecutar código de su elección a través de una película MP4A con un átomo canal Compositor (aka chan) mal formado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the parsing of the QuickTime Channel Compositor atom. When the movie file contains a malformed 'chan' atom, a heap corruption occurs resulting in the execution of arbitrary code. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://secunia.com/advisories/29650 http://secunia.com/advisories/31034 http://securitytracker.com/id?1019762 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490467/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.vupen.com/english/advisories/2008/2064& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 76%CPEs: 1EXPL: 0CVE-2008-1019 – Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1019
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. Desbordamiento de búfer basado en montículo en quickTime.qts de Apple QuickTime antes de 7.4.5 permite ejecutar código de su elección a través de un archivo de imagen PICT manipulado, relacionado con un copy loop (bucle de copia) fr memoria terminado incorrectamente. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the quickTime.qts while parsing corrupted .pict files. The module contains a vulnerable memory copy loop which searches for a terminator value. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019763 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490459/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.zerodayinitiative.com/advisories/ZDI-08-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/41609 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 76%CPEs: 1EXPL: 0CVE-2008-1020 – Apple QuickTime Kodak Encoding Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1020
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages. Desbordamiento de búfer basado en montículo en quickTime.qts de Apple QuickTime antes de 7.4.5 en Windows permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen PICT manipulado con codificación Kodak, relacionado con comprobaciones y mensajes de error. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library responsible for parsing Kodak encoded images. A lack of proper error checking can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019764 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490468/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.zerodayinitiative.com/advisories/ZDI-08-017 https://exchange.xforce.ibmcloud.com/vulnerabilities/41610 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 8%CPEs: 1EXPL: 0CVE-2008-1021 – Apple QuickTime Run Length Encoding Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1021
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. Desbordamiento de búfer basado en montículo en el controlador de contenido Animation codec de Apple QuickTime antes de 7.4.5 en Windows permite a atacantes remotos ejecutar código de su elección a través de una película manipulada con codificación de longitud de ejecución. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Animation codec. A lack of proper length checks can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019765 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490462/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.zerodayinitiative.com/advisories/ZDI-08-018 https://exchange.xforce.ibmcloud.com/vulnerabilities/41612 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 76%CPEs: 1EXPL: 0CVE-2008-1022 – Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1022
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size. Desbordamiento de búfer en Apple QuickTime antes de 7.4.5 permite a atacantes remotos ejecutar código de su elección a través de una película VR manipulada con un átomo obji de tamaño cero. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the QuickTime VR 'obji' atom. When the size of the atom is set to 0, a stack overflow condition occurs resulting in the execution of arbitrary code. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019766 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490461/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.zerodayinitiative.com/advisories/ZDI-08-019 https://exchange.xforce.ibmcloud.com/vulnerabilities/41613 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •