Page 28 of 233 results (0.014 seconds)

CVSS: 6.8EPSS: 26%CPEs: 1EXPL: 0

Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un contenido "Indeo video codec" manipulado. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Quicktime files that utilize the Indeo video codec. A lack of proper bounds checking within Indeo.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/archive/1/493247/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29652 http://www.securitytracker.com/id?1020216 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references http://www.zerodayinitiative.com/advisor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0

Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. Apple QuickTime anterior a 7.5 permite a atacantes remotos ejecutar programas de su elección a través de un archivo manipulado: URLs. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of SMIL text embedded in video formats. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://secunia.com/advisories/31034 http://support.apple.com/kb/HT1991 http://www.kb.cert.org/vuls/id/132419 http://www.securityfocus.com/archive/1/493248/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29650 http://www.securitytracker.com/id?1020217& • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. Desbordamiento de búfer en el opcode de análisis sintáctico Clip de Apple QuickTime antes de 7.4.5 en Windows permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen PICT manipulado. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019767 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41615 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. Apple QuickTime antes de 7.4.5 habilita la deserialización de objetos QTJava por applets de Java no confiables, lo que permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019757 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41601 •

CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 0

Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. Apple QuickTime antes de 7.4.5 no maneja adecuadamente las pistas de video, lo que permite a atacantes remotos ejecutar código de su elección a través de una película manipulada lo que provoca corrupción de la memoria • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019760 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41605 • CWE-94: Improper Control of Generation of Code ('Code Injection') •