Page 30 of 233 results (0.011 seconds)

CVSS: 6.8EPSS: 8%CPEs: 1EXPL: 0

CVE-2008-1021 – Apple QuickTime Run Length Encoding Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-1021

Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. Desbordamiento de búfer basado en montículo en el controlador de contenido Animation codec de Apple QuickTime antes de 7.4.5 en Windows permite a atacantes remotos ejecutar código de su elección a través de una película manipulada con codificación de longitud de ejecución. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Animation codec. A lack of proper length checks can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019765 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490462/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.zerodayinitiative.com/advisories/ZDI-08-018 https://exchange.xforce.ibmcloud.com/vulnerabilities/41612 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 76%CPEs: 1EXPL: 0

CVE-2008-1019 – Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-1019

Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. Desbordamiento de búfer basado en montículo en quickTime.qts de Apple QuickTime antes de 7.4.5 permite ejecutar código de su elección a través de un archivo de imagen PICT manipulado, relacionado con un copy loop (bucle de copia) fr memoria terminado incorrectamente. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the quickTime.qts while parsing corrupted .pict files. The module contains a vulnerable memory copy loop which searches for a terminator value. • http://secunia.com/advisories/29650 http://securitytracker.com/id?1019763 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490459/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.zerodayinitiative.com/advisories/ZDI-08-014 https://exchange.xforce.ibmcloud.com/vulnerabilities/41609 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 21%CPEs: 1EXPL: 0

CVE-2008-1017 – Apple QuickTime Clipping Region Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2008-1017

Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. Desbordamiento de búfer basado en montículo en el manejo atom de la región de saturación (aka crgn) en quicktime.qts en Apple QuickTime antes de 7.4.5 permite a atacantes remotos ejecutar código de su elección a través de una película manipulada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library. The vulnerability resides in the component's parsing of 'crgn' atoms. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://secunia.com/advisories/29650 http://secunia.com/advisories/31034 http://securitytracker.com/id?1019761 http://support.apple.com/kb/HT1241 http://www.securityfocus.com/archive/1/490460/100/0/threaded http://www.securityfocus.com/bid/28583 http://www.us-cert.gov/cas/techalerts/TA08-094A.html http://www.vupen.com/english/advisories/2008/1078 http://www.vupen.com/english/advisories/2008/2064& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 79%CPEs: 1EXPL: 2

CVE-2008-0778 – QuickTime 7.4.1 - 'QTPlugin.ocx' Multiple Stack Overflow Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-0778

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila en ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 y anteriores, permite a atacantes remotos causar una denegación de servicio y la posibilidad de ejecutar código de su elección a través de argumentos largos a los métodos: (1) setBgColor, (2) SetHREF, (3) SetMovieNAme, (4) SetTarget, y SetMatrix. • https://www.exploit-db.com/exploits/5110 http://securityreason.com/securityalert/3652 http://www.securityfocus.com/archive/1/488045/100/0/threaded http://www.securityfocus.com/bid/27769 https://exchange.xforce.ibmcloud.com/vulnerabilities/40475 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 57%CPEs: 1EXPL: 0

CVE-2008-0033

https://notcve.org/view.php?id=CVE-2008-0033

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. Una vulnerabilidad no especificada en Apple QuickTime versiones anteriores a 7.4, permite a los atacantes remotos causar una denegación de servicio (finalización de aplicación) y ejecutar código arbitrario por medio de un archivo de película con átomos de Image Descriptor (IDSC) que contiene un tamaño de átomo no válido, lo que desencadena una corrupción de la memoria. • http://docs.info.apple.com/article.html?artnum=307301 http://dvlabs.tippingpoint.com/advisory/TPTI-08-01 http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html http://secunia.com/advisories/28502 http://www.securityfocus.com/archive/1/486413/100/0/threaded http://www.securityfocus.com/bid/27299 http://www.securitytracker.com/id?1019221 http://www.us-cert.gov/cas/techalerts/TA08-016A.html http://www.vupen.com/english/advisories/2008/0148 https://exchange • CWE-399: Resource Management Errors •