CVSS: 7.5EPSS: 84%CPEs: 1EXPL: 2CVE-2008-0778 – QuickTime 7.4.1 - 'QTPlugin.ocx' Multiple Stack Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0778
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila en ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 y anteriores, permite a atacantes remotos causar una denegación de servicio y la posibilidad de ejecutar código de su elección a través de argumentos largos a los métodos: (1) setBgColor, (2) SetHREF, (3) SetMovieNAme, (4) SetTarget, y SetMatrix. • https://www.exploit-db.com/exploits/5110 http://securityreason.com/securityalert/3652 http://www.securityfocus.com/archive/1/488045/100/0/threaded http://www.securityfocus.com/bid/27769 https://exchange.xforce.ibmcloud.com/vulnerabilities/40475 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 75%CPEs: 2EXPL: 4CVE-2008-0234 – QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0234
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Un desbordamiento de búfer en Apple Quicktime Player versión 7.3.1.70 y otras versiones anteriores a 7.4.1, cuando el tunelado de RTSP está habilitado, permite a atacantes remotos ejecutar código arbitrario por medio de una respuesta Reason-Phrase larga a una petición rtsp://, como es demostrado usando un mensaje de error 404. • https://www.exploit-db.com/exploits/4885 https://www.exploit-db.com/exploits/4906 http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html http://secunia.com/advisories/28423 http://secunia.com/advisories/31034 http://securityreason.com/securityalert/3537 http://www.kb.cert.org/vuls/id/112179 http://www.securityfocus.com/archive/1/486091/100/0/threaded http://www.securityfocus.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •