
CVSS: 6.8 EPSS: 3% CPEs: 1 EXPL: 0

Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.

• http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29654 http://www.securitytracker.com/id?1020214 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42944

• CWE-399: Resource Management Errors

CVSS: 6.8 EPSS: 2% CPEs: 1 EXPL: 0

Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.

• http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29648 http://www.securitytracker.com/id?1020215 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42945

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 EPSS: 26% CPEs: 1 EXPL: 0

Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Indeo video codec. A lack of proper bounds checking within Indeo.qtx can result in a stack-based buffer overflow leading to arbitrary code execution under the context of the currently logged-in user.

• http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://support.apple.com/kb/HT1991 http://www.securityfocus.com/archive/1/493247/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29652 http://www.securitytracker.com/id?1020216 http://www.us-cert.gov/cas/techalerts/TA08-162C.html http://www.vupen.com/english/advisories/2008/1776/references http://www.zerodayinitiative.com/advisor

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 EPSS: 2% CPEs: 1 EXPL: 0

Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of SMIL text embedded in video formats.

• http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html http://secunia.com/advisories/29293 http://secunia.com/advisories/31034 http://support.apple.com/kb/HT1991 http://www.kb.cert.org/vuls/id/132419 http://www.securityfocus.com/archive/1/493248/100/0/threaded http://www.securityfocus.com/bid/29619 http://www.securityfocus.com/bid/29650 http://www.securitytracker.com/id?1020217&

• CWE-20: Improper Input Validation

CVSS: 9.3 EPSS: 1% CPEs: 3 EXPL: 0

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

• http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp http://www.securityfocus.com/bid/28959 http://www.securitytracker.com/id?1019950 https://exchange.xforce.ibmcloud.com/vulnerabilities/42098