CVSS: 6.8EPSS: 7%CPEs: 1EXPL: 0CVE-2008-0036
https://notcve.org/view.php?id=CVE-2008-0036
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. Desbordamiento de búfer en Apple QuickTime anterior a 7.4 permite a atacantes remotos ejecutar código de su elección a través de una imagen comprimida manipulada PICT, el cual dispara el desbordamiento durante la decodificación. • http://docs.info.apple.com/article.html?artnum=307301 http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html http://secunia.com/advisories/28502 http://secunia.com/advisories/31034 http://www.securityfocus.com/bid/27300 http://www.securitytracker.com/id?1019221 http://www.us-cert.gov/cas/techalerts/TA08-016A.html http://www.vupen.com/english/advisories/2008/0148 http://www.vupen. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 8%CPEs: 1EXPL: 0CVE-2008-0032
https://notcve.org/view.php?id=CVE-2008-0032
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. Apple QuickTime before 7.4 permite a atacantes remotos ejecutar código de su elección a través de un archivo de película que contiene un registro Macintosh Resource con valor de longitud modificado en la cabecera del recurso, el cual dispara una corrupción de pila. • http://docs.info.apple.com/article.html?artnum=307301 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642 http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html http://secunia.com/advisories/28502 http://www.securityfocus.com/bid/27301 http://www.securitytracker.com/id?1019221 http://www.us-cert.gov/cas/techalerts/TA08-016A.html http://www.vupen.com/english/advisories/2008/0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/39696 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 4%CPEs: 1EXPL: 0CVE-2008-0031
https://notcve.org/view.php?id=CVE-2008-0031
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. Vulnerabilidad no especificada en Apple QuickTime anterior a 7.4 permite a atacantes remotos provocar denegación de servicio (fin de la aplicación) y ejecutar código de su elección a través de un archivo de video manipulado Sorenson 3, el cual dispara corrupción de memoria. • http://docs.info.apple.com/article.html?artnum=307301 http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html http://secunia.com/advisories/28502 http://www.securityfocus.com/bid/27298 http://www.securitytracker.com/id?1019221 http://www.us-cert.gov/cas/techalerts/TA08-016A.html http://www.vupen.com/english/advisories/2008/0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/39695 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 76%CPEs: 2EXPL: 4CVE-2008-0234 – QuickTime Player 7.3.1.70 - 'RTSP' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-0234
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Un desbordamiento de búfer en Apple Quicktime Player versión 7.3.1.70 y otras versiones anteriores a 7.4.1, cuando el tunelado de RTSP está habilitado, permite a atacantes remotos ejecutar código arbitrario por medio de una respuesta Reason-Phrase larga a una petición rtsp://, como es demostrado usando un mensaje de error 404. • https://www.exploit-db.com/exploits/4885 https://www.exploit-db.com/exploits/4906 http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html http://secunia.com/advisories/28423 http://secunia.com/advisories/31034 http://securityreason.com/securityalert/3537 http://www.kb.cert.org/vuls/id/112179 http://www.securityfocus.com/archive/1/486091/100/0/threaded http://www.securityfocus.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 0CVE-2007-4707
https://notcve.org/view.php?id=CVE-2007-4707
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie. Múltiples vulnerabilidades sin especificar en el manejador Flash de Apple QuickTime, en versiones anteriores a la 7.3.1, permite que atacantes remotos ejecuten código a su elección, o que se produzcan otros impactos no especificados a través de películas QuickTime manipuladas. • http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http://secunia.com/advisories/28092 http://www.securityfocus.com/bid/26866 http://www.securitytracker.com/id?1019099 http://www.vupen.com/english/advisories/2007/4217 https://exchange.xforce.ibmcloud.com/vulnerabilities/39030 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •