CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 0CVE-2011-3457
https://notcve.org/view.php?id=CVE-2011-3457
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program. La implementación de OpenGL en Apple Mac OS X antes de v10.7.3 no realiza adecuadamente la compilación de OpenGL Shading Language (también conocido como GLSL), lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un programa especificamente creado para este fin. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2011-3453
https://notcve.org/view.php?id=CVE-2011-3453
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data. Desbordamiento de entero en libresolv en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria dinámica -heap- y caída de la aplicación) a través de datos DNS manipulados. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2012/Mar/msg00002.html http://secunia.com/advisories/48288 http://secunia.com/advisories/48289 http://support.apple.com/kb/HT5130 http://www.securitytracker.com/id?1026774 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2011-3458 – Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3458
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file. QuickTime en Apple Mac OS X antes de v10.7.3 no impide el acceso a los lugares memoria no inicializada, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un archivo MP4 manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header containing codec-specific data. When handling an error case, the application will forget to initialize a pointer which will later be used in a memory operation. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5261 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 3%CPEs: 24EXPL: 0CVE-2011-3459 – Apple Quicktime Dataref URI Buffer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3459
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow. Error de superación de límite (off-by-one) en QuickTime en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un átomo rdrf manipulado en un archivo de película que provoca un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5261 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 6%CPEs: 24EXPL: 0CVE-2011-3460 – Apple Quicktime PNG Depth Decoding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3460
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. Desbordamiento de búfer en QuickTime en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de un archivo PNG manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5261 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •