CVSS: 6.8EPSS: 33%CPEs: 1EXPL: 0CVE-2008-1584 – Apple QuickTime Indeo Video Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1584
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.5, permite a atacantes remotos provocar una denegación de servicio (Caída) y la posibilidad de ejecutar código de su elección a través de un contenido "Indeo video codec" manipulado. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Quicktime files that utilize the Indeo video codec. A lack of proper bounds checking within Indeo.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/archive/1/493247/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29652 http://www.securitytracker.com/id?1020216 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references http://www.zerodayinitiative.com/advisor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1585 – Apple QuickTime SMIL qtnext Redirect File Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-1585
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. Apple QuickTime anterior a 7.5 permite a atacantes remotos ejecutar programas de su elección a través de un archivo manipulado: URLs. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of SMIL text embedded in video formats. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://secunia.com/advisories/31034 http://support.apple.com/kb/HT1991 http://www.kb.cert.org/vuls/id/132419 http://www.securityfocus.com/archive/1/493248/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29650 http://www.securitytracker.com/id?1020217& • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2008-1013
https://notcve.org/view.php?id=CVE-2008-1013
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. Apple QuickTime antes de 7.4.5 habilita la deserialización de objetos QTJava por applets de Java no confiables, lo que permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019757 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41601 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1014
https://notcve.org/view.php?id=CVE-2008-1014
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. Apple QuickTime antes de 7.4.5 no maneja adecuadamente URLs externas en películas, lo que permite a atacantes remotos obtener información sensible. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019758 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41602 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 0CVE-2008-1015
https://notcve.org/view.php?id=CVE-2008-1015
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. Desbordamiento de búfer en el tratamiento de datos de referencia Atom en Apple QuickTime antes de 7.4.5 permite a atacantes remotos ejecutar código de su elección a través de una película manipulada. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://secunia.com/advisories/29650 http://secunia.com/advisories/31034 http://securitytracker.com/id?1019759 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.vupen.com/english/advisories/2008/2064/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •