CVE-2007-4677 – Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-4677
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.3 permite a atacantes remotos ejecutar código de su elección mediante un tamaño inválido de tabla de color cuando se analiza el átomo de tabla de color (color table atom o CTAB) en un archivo de película, relacionado con los valores CTAB RGB. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. • http://docs.info.apple.com/article.html?artnum=306896 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html http://secunia.com/advisories/27523 http://securityreason.com/securityalert/3352 http://www.kb.cert.org/vuls/id/445083 http://www.osvdb.org/38544 http://www.securityfocus.com/archive/1/483312/100/0/threaded http://www.securityfocus.com/bid/26338 http://www.securitytracker.com/id?1018894 http://www.us-cert.gov/cas/techalerts/TA07-310A.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4672 – Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-4672
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.3 permite a atacantes remotos ejecutar código de su elección mediante una longitud de código de operación (opcode) UncompressedQuickTimeData inválida en una imagen PICT. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack based buffer overflow occurs, allowing the execution of arbitrary code. • http://docs.info.apple.com/article.html?artnum=306896 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html http://osvdb.org/38547 http://secunia.com/advisories/27523 http://securityreason.com/securityalert/3350 http://www.securityfocus.com/archive/1/483314/100/0/threaded http://www.securityfocus.com/bid/26344 http://www.securitytracker.com/id?1018894 http://www.us-cert.gov/cas/techalerts/TA07-310A.html http://www.vupen.com/english/advisories/2007/3723 h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4673
https://notcve.org/view.php?id=CVE-2007-4673
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. Vulnerabilidad de inyección de argumentos en Apple QuickTime 7.2 para Windows XP SP2 y Vista permite a atacantes remotos ejecutar comandos de su elección mediante un URL en el campo qtnext de un archivo QTL manipulado. NOTA: este problema puede estar relacionado con CVE-2006-4965 o CVE-2007-5045. • http://docs.info.apple.com/article.html?artnum=306560 http://lists.apple.com/archives/Security-announce/2007/Oct/msg00000.html http://osvdb.org/40434 http://www.securityfocus.com/bid/25913 https://exchange.xforce.ibmcloud.com/vulnerabilities/36937 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2007-5045
https://notcve.org/view.php?id=CVE-2007-5045
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. Vulnerabilidad de inyección de argumentos en Apple QuickTime 7.1.5 y anteriores, cuando se ejecutan en sistemas con Mozilla Firefox anterior a 2.0.0.7 instalado, permite a atacantes remotos ejecutar comandos de su elección mediante un archivo de Enlace a Medios QuickTime (QuickTime Media Link o QTL) con un elemento XML embed y un parámetro qtnext que contiene el argumento de Firefox "-chrome". NOTA: este es un problema relacionado con CVE-2006-4965 y el resultado de un arreglo incompleto para CVE-2007-3670. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/26881 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox http://www.mozilla.org/security/announce/2007/mfsa2007-28.html http://www.novell.com/linux/security/advisories/2007_57_mozilla.html http://www.securityfocus.com/archive/1/479179/100/0/threaded http://www.vupen.com/english/advisories/2007/3197 http • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-2393
https://notcve.org/view.php?id=CVE-2007-2393
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. El diseño del QuickTime para Java en el Apple Quicktime anterior al 7.2 permite a atacantes remotos evitar ciertos controles de seguridad y escribir en procesos de memoria a través de applets de Java, posiblemente conllevando una ejecución de código de su elección. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36135 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35359 •