Page 39 of 233 results (0.011 seconds)

CVSS: 6.8EPSS: 96%CPEs: 1EXPL: 6

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. Un desbordamiento de búfer en Apple QuickTime versión 7.1.3, permite a atacantes remotos ejecutar código arbitrario por medio de un URI rtsp:// largo. • https://www.exploit-db.com/exploits/3064 https://www.exploit-db.com/exploits/3072 https://www.exploit-db.com/exploits/16527 http://docs.info.apple.com/article.html?artnum=304989 http://isc.sans.org/diary.html?storyid=2094 http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html http://lists.apple.com/archives/Security-announce/2007/Jan/msg00000.html http://projects.info-pull.com/moab/MOAB-01-01-2007.html http://secunia.com/advisories/23540 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 4

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. Apple QuickTime 7.1.3 Player y sus plug-ins permiten a un atacante remoto ejecutar código JavaScript de su elección y posiblemente llevar a cabo otros ataques mediante un archivo QuickTime Media Link (QTL) con un elemento XML embebido y un parámetro qtnext que identifica recursos fuera del dominio original. NOTA: a fecha del 12-09-2007, este problema fue demostrado utilizando instancias de Components.interfaces.nsILocalFile y Components.interfaces.nsIProcess para ejecutar archivos locales de su elección en Firefox y posiblemente Internet Explorer. • https://www.exploit-db.com/exploits/28639 http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://secunia.com/advisories/22048 http://secunia.com/advisories/27414 http://securityreason.com/securityalert/1631 http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox http://www.gnucitizen.org/blog/backdooring-mp3-files http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up http://www.kb.cert.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 13%CPEs: 23EXPL: 0

Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. Múltiples desbordamientos de búfer en Apple QuickTime anterior a 7.1.3 permite a atacantes con la complicidad del usuario ejecutar código de su elección a través de una película QuickTime modificada. • http://docs.info.apple.com/article.html?artnum=304357 http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html http://secunia.com/advisories/21893 http://secunia.com/advisories/29182 http://security.gentoo.org/glsa/glsa-200803-08.xml http://securityreason.com/securityalert/1554 http://securitytracker.com/id?1016830 http://www.kb.cert.org/vuls/id/683700 http://www.osvdb.org/28772 http://www.securityfocus.com/archive/1/445888/100/0/threaded http://www. •

CVSS: 5.1EPSS: 37%CPEs: 22EXPL: 2

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. Desbordamiento de búfer en Apple QuickTime anterior a 7.1.3 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de una película artesanal H.624 • http://docs.info.apple.com/article.html?artnum=304357 http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html http://secunia.com/advisories/21893 http://securityreason.com/securityalert/1551 http://securitytracker.com/id?1016830 http://secway.org/advisory/AD20060912.txt http://www.osvdb.org/28774 http://www.securityfocus.com/archive/1/445830/100/0/threaded http://www.securityfocus.com/bid/19976 http://www.vupen.com/english/advisories/2006/3577 https://exchang •

CVSS: 5.1EPSS: 10%CPEs: 22EXPL: 0

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. Desbordamiento de enteros en Apple QuickTime anterior a 7.1.3 permite a un atacante con la complicidad del usuario ejecutar código de su elección a través de un fichero artesanal FlashPix. • http://docs.info.apple.com/article.html?artnum=304357 http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html http://secunia.com/advisories/21893 http://secunia.com/advisories/29182 http://security.gentoo.org/glsa/glsa-200803-08.xml http://securityreason.com/securityalert/1554 http://securitytracker.com/id?1016830 http://www.kb.cert.org/vuls/id/200316 http://www.osvdb.org/28770 http://www.securityfocus.com/archive/1/445888/100/0/threaded http://www. •