CVSS: 9.3EPSS: 71%CPEs: 14EXPL: 2CVE-2007-2394 – Apple QuickTime < 7.2 - SMIL Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2007-2394
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. Desbordamiento de entero en Apple Quicktime anterior a 7.2 en Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante los campos (1) title y (2) author modificados artesanalmente en un fichero SMIL, relacionado con cálculos indebidos para reserva de memoria. • https://www.exploit-db.com/exploits/4359 https://www.exploit-db.com/exploits/30292 http://docs.info.apple.com/article.html?artnum=305947 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36134 http://secunia.com/advisories/26034 http://www.securityfocus.com/archive/1/473882/100/100/threaded http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1 •
CVSS: 9.3EPSS: 10%CPEs: 1EXPL: 0CVE-2007-0754
https://notcve.org/view.php?id=CVE-2007-0754
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.1.3 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de un tamaño atom Sample Table Sample Descriptor (STSD) manipulado en una película QuickTime. • http://docs.info.apple.com/article.html?artnum=304357 http://dvlabs.tippingpoint.com/advisory/TPTI-07-07 http://securityreason.com/securityalert/2703 http://www.osvdb.org/35574 http://www.securityfocus.com/archive/1/468305/100/0/threaded http://www.securityfocus.com/bid/23923 https://exchange.xforce.ibmcloud.com/vulnerabilities/34244 •
CVSS: 5.8EPSS: 7%CPEs: 10EXPL: 0CVE-2007-0713
https://notcve.org/view.php?id=CVE-2007-0713
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. Desbordamiento de búfer basado en montón en Apple QuickTime anterior a 7.1.5 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un archivo de película QuickTime manipulado. • http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://secunia.com/advisories/24359 http://www.kb.cert.org/vuls/id/880561 http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt http://www.securityfocus.com/archive/1/461983/100/0/threaded http://www.securityfocus.com/bid/22827 http://www.securityfocus.com/bid/22843 http://www.securitytracker.com/id?1017725 http://www.us-cert.gov&# •
CVSS: 9.3EPSS: 4%CPEs: 75EXPL: 0CVE-2007-0712
https://notcve.org/view.php?id=CVE-2007-0712
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. Desbordamiento de búfer basado en montón en Apple QuickTime anterior a 7.1.5 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante un archivo MIDI manipulado. • http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://osvdb.org/33904 http://secunia.com/advisories/24359 http://www.kb.cert.org/vuls/id/822481 http://www.securityfocus.com/bid/22827 http://www.securitytracker.com/id?1017725 http://www.us-cert.gov/cas/techalerts/TA07-065A.html http://www.vupen.com/english/advisories/2007/0825 https://exchange.xforce.ibmcloud.com/vulnerabilities/32816 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 5%CPEs: 10EXPL: 0CVE-2007-0715
https://notcve.org/view.php?id=CVE-2007-0715
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. Desbordamiento de búfer basado en montón en Apple QuickTime anterior a 7.1.5 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída)y posiblemente ejecutar código de su elección mediante un archivo PICT manipulado. • http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://osvdb.org/33901 http://secunia.com/advisories/24359 http://www.kb.cert.org/vuls/id/448745 http://www.securityfocus.com/bid/22827 http://www.securitytracker.com/id?1017725 http://www.us-cert.gov/cas/techalerts/TA07-065A.html http://www.vupen.com/english/advisories/2007/0825 https://exchange.xforce.ibmcloud.com/vulnerabilities/32821 •