CVE-2015-7092 – Apple QuickTime ID3 Tag Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7092
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117. Apple QuickTime en versiones anteriores a 7.7.9 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica y caída de la aplicación) a través de un frame TXXX manipulado en una etiqueta ID3 en datos MP3 en un archivo movie, una vulnerabilidad diferente a CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091 y CVE-2015-7117. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ID3 version tags in MP3 files. By providing a malformed TXXX frame, an attacker can cause data to be written past the end of an allocated heap buffer. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00000.html http://www.securitytracker.com/id/1034610 http://www.zerodayinitiative.com/advisories/ZDI-16-002 https://support.apple.com/HT205638 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5785
https://notcve.org/view.php?id=CVE-2015-5785
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786. Vulnerabilidad en Apple QuickTime en versiones anteriores a 7.7.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo manipulado, una vulnerabilidad diferente a CVE-2015-5786. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html http://www.securitytracker.com/id/1033346 https://support.apple.com/HT205046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5786
https://notcve.org/view.php?id=CVE-2015-5786
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785. Vulnerabilidad en Apple QuickTime en versiones anteriores a 7.7.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo manipulado, una vulnerabilidad diferente a CVE-2015-5785. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html http://www.securitytracker.com/id/1033346 https://support.apple.com/HT205046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3765
https://notcve.org/view.php?id=CVE-2015-3765
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. Vulnerabilidad en QuickTime 7 en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de archivos manipulados, una vulnerabilidad diferente a CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753 y CVE-2015-5779. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/kb/HT205031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3779
https://notcve.org/view.php?id=CVE-2015-3779
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. Vulnerabilidad en QuickTime 7 en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo manipulado, una vulnerabilidad diferente a CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753 y CVE-2015-5779. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/kb/HT205031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •