CVE-2007-2389
https://notcve.org/view.php?id=CVE-2007-2389
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. Apple QuickTime para Java 7.1.6 en Mac OS X y Windows no limpia zonas de memoria potencialmente sensibles antes de usarla, lo cual permite a atacantes remotos leer la memoria desde un navegador web a través de vectores desconocidos relacionados con applets Java. • http://lists.apple.com/archives/security-announce/2007/May/msg00005.html http://secunia.com/advisories/25130 http://www.kb.cert.org/vuls/id/434748 http://www.osvdb.org/35575 http://www.securityfocus.com/bid/24222 http://www.securitytracker.com/id?1018136 http://www.vupen.com/english/advisories/2007/1974 https://exchange.xforce.ibmcloud.com/vulnerabilities/34571 •
CVE-2007-2388
https://notcve.org/view.php?id=CVE-2007-2388
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. Apple QuickTime para Java versión 7.1.6 en Mac OS X y Windows, no restringe apropiadamente la subclase de QTObject, lo que permite a atacantes remotos ejecutar código arbitrario por medio de una página web que contiene una clase definida por el usuario que accede a funciones no seguras que pueden ser aprovechadas para escribir en ubicaciones de memoria arbitrarias. • http://lists.apple.com/archives/security-announce/2007/May/msg00005.html http://secunia.com/advisories/25130 http://secunia.com/secunia_research/2007-52/advisory http://www.kb.cert.org/vuls/id/995836 http://www.osvdb.org/35576 http://www.securityfocus.com/bid/24221 http://www.securitytracker.com/id?1018136 http://www.vupen.com/english/advisories/2007/1974 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-0754
https://notcve.org/view.php?id=CVE-2007-0754
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.1.3 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de un tamaño atom Sample Table Sample Descriptor (STSD) manipulado en una película QuickTime. • http://docs.info.apple.com/article.html?artnum=304357 http://dvlabs.tippingpoint.com/advisory/TPTI-07-07 http://securityreason.com/securityalert/2703 http://www.osvdb.org/35574 http://www.securityfocus.com/archive/1/468305/100/0/threaded http://www.securityfocus.com/bid/23923 https://exchange.xforce.ibmcloud.com/vulnerabilities/34244 •
CVE-2007-2295
https://notcve.org/view.php?id=CVE-2007-2295
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file. Un desbordamiento de búfer en la región heap de la memoria en la función JVTCompEncodeFrame en Apple Quicktime versión 7.1.5 y otras versiones anteriores a 7.2, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo MOV H.264 especialmente diseñado. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://secunia.com/advisories/26034 http://security-protocols.com/sp-x45-advisory.php http://www.osvdb.org/35577 http://www.securityfocus.com/bid/23650 http://www.securitytracker.com/id?1017965 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-2296
https://notcve.org/view.php?id=CVE-2007-2296
Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file. Un desbordamiento de enteros en la función FlipFileTypeAtom_BtoN en Apple Quicktime versión 7.1.5, y otras versiones anteriores a 7.2, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo M4V (MP4) especialmente diseñado. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://secunia.com/advisories/26034 http://security-protocols.com/sp-x46-advisory.php http://www.osvdb.org/35578 http://www.securityfocus.com/bid/23652 http://www.securitytracker.com/id?1017967 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https:/& • CWE-189: Numeric Errors •