Page 37 of 224 results (0.009 seconds)

CVSS: 6.8EPSS: 12%CPEs: 2EXPL: 2

CVE-2007-0059 – Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting

https://notcve.org/view.php?id=CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. Vulnerabilidad de secuencias de comandos en zonas cruzadas en Apple Quicktime 3 hasta 7.1.3 permite a atacantes remotos con la ayuda del usuario ejecutar código de su elección y listar contenidos del sistema de ficheros mediante un película QuickTime (.MOV) con una pista HREF (HREFTrack) que contiene una etiqueta de acción automática con una URI local, que se ejecuta en una zona local durante la previsualización, tal y como se explota por un gusano MySpace. • https://www.exploit-db.com/exploits/3077 http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://osvdb.org/31164 http://projects.info-pull.com/moab/MOAB-03-01-2007.html http://www.gnucitizen.org/blog/backdooring-quicktime-movies http://www.kb.cert.org/vuls/id/304064 •

CVSS: 6.8EPSS: 96%CPEs: 1EXPL: 6

CVE-2007-0015 – Apple QuickTime - 'rtsp URL Handler' Remote Stack Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-0015

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. Un desbordamiento de búfer en Apple QuickTime versión 7.1.3, permite a atacantes remotos ejecutar código arbitrario por medio de un URI rtsp:// largo. • https://www.exploit-db.com/exploits/3064 https://www.exploit-db.com/exploits/3072 https://www.exploit-db.com/exploits/16527 http://docs.info.apple.com/article.html?artnum=304989 http://isc.sans.org/diary.html?storyid=2094 http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html http://lists.apple.com/archives/Security-announce/2007/Jan/msg00000.html http://projects.info-pull.com/moab/MOAB-01-01-2007.html http://secunia.com/advisories/23540 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 4

CVE-2006-4965 – Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution

https://notcve.org/view.php?id=CVE-2006-4965

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. Apple QuickTime 7.1.3 Player y sus plug-ins permiten a un atacante remoto ejecutar código JavaScript de su elección y posiblemente llevar a cabo otros ataques mediante un archivo QuickTime Media Link (QTL) con un elemento XML embebido y un parámetro qtnext que identifica recursos fuera del dominio original. NOTA: a fecha del 12-09-2007, este problema fue demostrado utilizando instancias de Components.interfaces.nsILocalFile y Components.interfaces.nsIProcess para ejecutar archivos locales de su elección en Firefox y posiblemente Internet Explorer. • https://www.exploit-db.com/exploits/28639 http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://secunia.com/advisories/22048 http://secunia.com/advisories/27414 http://securityreason.com/securityalert/1631 http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox http://www.gnucitizen.org/blog/backdooring-mp3-files http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up http://www.kb.cert.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 37%CPEs: 22EXPL: 2

CVE-2006-4381

https://notcve.org/view.php?id=CVE-2006-4381

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. Desbordamiento de búfer en Apple QuickTime anterior a 7.1.3 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una película artesanal H.624 • http://docs.info.apple.com/article.html?artnum=304357 http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html http://secunia.com/advisories/21893 http://securityreason.com/securityalert/1551 http://securitytracker.com/id?1016830 http://secway.org/advisory/AD20060912.txt http://www.osvdb.org/28774 http://www.securityfocus.com/archive/1/445830/100/0/threaded http://www.securityfocus.com/bid/19976 http://www.vupen.com/english/advisories/2006/3577 https://exchang •

CVSS: 5.1EPSS: 15%CPEs: 22EXPL: 0

CVE-2006-4386

https://notcve.org/view.php?id=CVE-2006-4386

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. Desbordamiento de enteros en Apple QuickTime anterior a 7.1.3 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una película H.624 artesanal, una cuestión diferente a CVE-2006-4381. • http://docs.info.apple.com/article.html?artnum=304357 http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt http://secunia.com/advisories/21893 http://secunia.com/advisories/29182 http://security.gentoo.org/glsa/glsa-200803-08.xml http://securityreason.com/securityalert/1550 http://securitytracker.com/id?1016830 http://www.kb.cert.org/vuls/id/554252 http://www.osvdb.org/28773 http&# •