CVE-2007-2396
https://notcve.org/view.php?id=CVE-2007-2396
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. El soporte JDirect de QuickTime para Java en Apple Quicktime anterior a 7.2 expone determinadas interfaces peligrosas, lo cual permite a atacantes remotos ejecutar código de su elección mediante applets Java manipulados. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36133 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35360 •
CVE-2007-2394 – Apple QuickTime < 7.2 - SMIL Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2007-2394
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. Desbordamiento de entero en Apple Quicktime anterior a 7.2 en Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante los campos (1) title y (2) author modificados artesanalmente en un fichero SMIL, relacionado con cálculos indebidos para reserva de memoria. • https://www.exploit-db.com/exploits/4359 https://www.exploit-db.com/exploits/30292 http://docs.info.apple.com/article.html?artnum=305947 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36134 http://secunia.com/advisories/26034 http://www.securityfocus.com/archive/1/473882/100/100/threaded http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1 •
CVE-2007-2295
https://notcve.org/view.php?id=CVE-2007-2295
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file. Un desbordamiento de búfer en la región heap de la memoria en la función JVTCompEncodeFrame en Apple Quicktime versión 7.1.5 y otras versiones anteriores a 7.2, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo MOV H.264 especialmente diseñado. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://secunia.com/advisories/26034 http://security-protocols.com/sp-x45-advisory.php http://www.osvdb.org/35577 http://www.securityfocus.com/bid/23650 http://www.securitytracker.com/id?1017965 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-2296
https://notcve.org/view.php?id=CVE-2007-2296
Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file. Un desbordamiento de enteros en la función FlipFileTypeAtom_BtoN en Apple Quicktime versión 7.1.5, y otras versiones anteriores a 7.2, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo M4V (MP4) especialmente diseñado. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://secunia.com/advisories/26034 http://security-protocols.com/sp-x46-advisory.php http://www.osvdb.org/35578 http://www.securityfocus.com/bid/23652 http://www.securitytracker.com/id?1017967 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https:/& • CWE-189: Numeric Errors •