CVE-2007-5045
https://notcve.org/view.php?id=CVE-2007-5045
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. Vulnerabilidad de inyección de argumentos en Apple QuickTime 7.1.5 y anteriores, cuando se ejecutan en sistemas con Mozilla Firefox anterior a 2.0.0.7 instalado, permite a atacantes remotos ejecutar comandos de su elección mediante un archivo de Enlace a Medios QuickTime (QuickTime Media Link o QTL) con un elemento XML embed y un parámetro qtnext que contiene el argumento de Firefox "-chrome". NOTA: este es un problema relacionado con CVE-2006-4965 y el resultado de un arreglo incompleto para CVE-2007-3670. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/26881 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox http://www.mozilla.org/security/announce/2007/mfsa2007-28.html http://www.novell.com/linux/security/advisories/2007_57_mozilla.html http://www.securityfocus.com/archive/1/479179/100/0/threaded http://www.vupen.com/english/advisories/2007/3197 http • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-2393
https://notcve.org/view.php?id=CVE-2007-2393
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. El diseño del QuickTime para Java en el Apple Quicktime anterior al 7.2 permite a atacantes remotos evitar ciertos controles de seguridad y escribir en procesos de memoria a través de applets de Java, posiblemente conllevando una ejecución de código de su elección. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36135 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35359 •
CVE-2007-2397
https://notcve.org/view.php?id=CVE-2007-2397
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. QuickTime para Java en Apple Quicktime versiones anteriores a 7.2 no comprueba los permisos apropiadamente, lo cual permite a atacantes remotos deshabilitar controles de seguridad y ejecutar código de su elección mediante applets Java manipulados. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36132 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35358 •
CVE-2007-2392
https://notcve.org/view.php?id=CVE-2007-2392
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. Apple Quicktime anterior al 7.2 en el Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de un fichero de vídeo modificado que dispara una corrupción de memoria. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36136 http://secunia.com/advisories/26034 http://www.kb.cert.org/vuls/id/582681 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35353 •
CVE-2007-2402
https://notcve.org/view.php?id=CVE-2007-2402
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. QuickTime para Java en Apple Quicktime anterior a 7.2 no realiza suficiente "control de acceso", lo cual permite a atacantes remotos obtener información sensible (contenido de la pantalla) mediante applets Java manipulados. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36131 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •