CVSS: 7.5EPSS: 9%CPEs: 136EXPL: 0CVE-2011-3222 – Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3222
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Desbordamiento de búfer basado en pila en Apple Mac OS X anterior a v10.7.2 permite a atacantes remotos ejecutar código de su elección a través o causar una denegación de servicio (caída de la aplicación) mediante un fichero FlashPix manipulado This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles flashpix files. When a flashpix contains a tile that has a Compression Type 0x2 (JPEG) and an 'JPEG tables selector' value that is bigger then the global stream property 'Maximum JPEG table index', Quicktime will write outside the global JPEG table. This corruption could lead to remote code execution under the context of the current user. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76379 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5016 http://www.securityfocus.com/bid/50085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 9%CPEs: 136EXPL: 0CVE-2011-3223 – Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3223
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. Desbordamiento de búfer basado en pila en QuickTime in Apple Mac OS X anterior a v10.7.2 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) mediante un fichero de película FLIC manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76380 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5016 http://www.securityfocus.com/bid/50085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 136EXPL: 0CVE-2011-0230
https://notcve.org/view.php?id=CVE-2011-0230
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Desbordamiento de búfer en la API de ATSFontDeactivate en Apple Type Services (ATS) en Apple Mac OS X v10.7.2 y anteriores que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 132EXPL: 0CVE-2011-0224
https://notcve.org/view.php?id=CVE-2011-0224
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. CoreMedia en Apple Mac OS X v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de un archivo de película QuickTime manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 136EXPL: 0CVE-2011-0231
https://notcve.org/view.php?id=CVE-2011-0231
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." CFNetwork en Apple Mac OS X v10.7.2 no aplica de forma adecuada la política de almacenamiento de cookies, lo que hace que sea fácil para servidores Web remotos rastrear a los usuarios a través de una cookie, en relación con un "problema de sincronización". • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •