CVSS: 9.3EPSS: 76%CPEs: 2EXPL: 4CVE-2008-0234 – QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0234
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Un desbordamiento de búfer en Apple Quicktime Player versión 7.3.1.70 y otras versiones anteriores a 7.4.1, cuando el tunelado de RTSP está habilitado, permite a atacantes remotos ejecutar código arbitrario por medio de una respuesta Reason-Phrase larga a una petición rtsp://, como es demostrado usando un mensaje de error 404. • https://www.exploit-db.com/exploits/4885 https://www.exploit-db.com/exploits/4906 http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html http://secunia.com/advisories/28423 http://secunia.com/advisories/31034 http://securityreason.com/securityalert/3537 http://www.kb.cert.org/vuls/id/112179 http://www.securityfocus.com/archive/1/486091/100/0/threaded http://www.securityfocus.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 0CVE-2007-4707
https://notcve.org/view.php?id=CVE-2007-4707
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie. Múltiples vulnerabilidades sin especificar en el manejador Flash de Apple QuickTime, en versiones anteriores a la 7.3.1, permite que atacantes remotos ejecuten código a su elección, o que se produzcan otros impactos no especificados a través de películas QuickTime manipuladas. • http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http://secunia.com/advisories/28092 http://www.securityfocus.com/bid/26866 http://www.securitytracker.com/id?1019099 http://www.vupen.com/english/advisories/2007/4217 https://exchange.xforce.ibmcloud.com/vulnerabilities/39030 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 8%CPEs: 1EXPL: 0CVE-2007-4706
https://notcve.org/view.php?id=CVE-2007-4706
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.3.1 permite a atacantes remotos ejecutar código de su elección mediante un fichero QTL artesanal. • http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http://osvdb.org/40883 http://secunia.com/advisories/28092 http://www.securityfocus.com/bid/26868 http://www.securitytracker.com/id?1019099 http://www.vupen.com/english/advisories/2007/4217 https://exchange.xforce.ibmcloud.com/vulnerabilities/39029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2007-6238
https://notcve.org/view.php?id=CVE-2007-6238
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166. Vulnerabilidad no especificada en Apple QuickTime 7.2 sobre Windows XP permite a atacantes remotos ejecutar código de su elección a través de un vector de ataque desconocido, probablemente una vulnerabilidad diferente que CVE-2007-6166. • http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185 http://www.securityfocus.com/bid/26682 http://www.securitytracker.com/id?1019039 https://exchange.xforce.ibmcloud.com/vulnerabilities/38852 •
CVSS: 9.3EPSS: 96%CPEs: 40EXPL: 8CVE-2007-6166 – Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2007-6166
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. Un desbordamiento de búfer en la región stack de la memoria en Apple QuickTime anterior a la versión 7.3.1, como es usado en QuickTime Player en Windows XP y Safari en Mac OS X, permite a servidores remotos de Real Time Streaming Protocol (RTSP) ejecutar código arbitrario por medio de una respuesta RTSP con un encabezado Content-Type largo. • https://www.exploit-db.com/exploits/4648 https://www.exploit-db.com/exploits/16873 https://www.exploit-db.com/exploits/6013 https://www.exploit-db.com/exploits/4657 https://www.exploit-db.com/exploits/4664 https://www.exploit-db.com/exploits/4651 https://www.exploit-db.com/exploits/11027 https://www.exploit-db.com/exploits/16424 http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •