CVE-2008-1015
https://notcve.org/view.php?id=CVE-2008-1015
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. Desbordamiento de búfer en el tratamiento de datos de referencia Atom en Apple QuickTime antes de 7.4.5 permite a atacantes remotos ejecutar código de su elección a través de una película manipulada. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://secunia.com/advisories/29650 http://secunia.com/advisories/31034 http://securitytracker.com/id?1019759 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.vupen.com/english/advisories/2008/2064/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1014
https://notcve.org/view.php?id=CVE-2008-1014
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. Apple QuickTime antes de 7.4.5 no maneja adecuadamente URLs externas en películas, lo que permite a atacantes remotos obtener información sensible. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019758 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41602 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-1023
https://notcve.org/view.php?id=CVE-2008-1023
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. Desbordamiento de búfer en el opcode de análisis sintáctico Clip de Apple QuickTime antes de 7.4.5 en Windows permite a atacantes remotos ejecutar código de su elección a través de un archivo de imagen PICT manipulado. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019767 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41615 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1013
https://notcve.org/view.php?id=CVE-2008-1013
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. Apple QuickTime antes de 7.4.5 habilita la deserialización de objetos QTJava por applets de Java no confiables, lo que permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019757 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41601 •
CVE-2008-1016
https://notcve.org/view.php?id=CVE-2008-1016
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. Apple QuickTime antes de 7.4.5 no maneja adecuadamente las pistas de video, lo que permite a atacantes remotos ejecutar código de su elección a través de una película manipulada lo que provoca corrupción de la memoria • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019760 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 https://exchange.xforce.ibmcloud.com/vulnerabilities/41605 • CWE-94: Improper Control of Generation of Code ('Code Injection') •