Page 4 of 143 results (0.003 seconds)

CVSS: 6.8EPSS: 19%CPEs: 2EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. QT Media Foundation en Apple QuickTime anterior a 7.7.7, utilizado en OS X anterior a 10.10.4 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, y CVE-2015-3668. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF images. By providing a GIF with malformed image data, an attacker can write data outside the bounds of the data structure. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204942 http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 19%CPEs: 2EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. QT Media Foundation en Apple QuickTime anterior a 7.7.7, utilizado en OS X anterior a 10.10.4 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, y CVE-2015-3668. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF images. By providing a GIF with a malformed image descriptor, an attacker can write data outside the bounds of the data structure. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204942 http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 46%CPEs: 1EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3665 and CVE-2015-3669. QT Media Foundation en Apple QuickTime anterior a 7.7.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3665 y CVE-2015-3669. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the alis atom. By providing a malformed alis atom, an attacker is able to cause QuickTime to overflow a stack buffer and execute arbitrary code in the context of the QuickTime process. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75499 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 46%CPEs: 1EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669. QT Media Foundation en Apple QuickTime anterior a 7.7.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3664 y CVE-2015-3669. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the properties for the QuickTime browser plugin. By manipulating a QuickTime object's properties an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75498 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 19%CPEs: 2EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668. QT Media Foundation en Apple QuickTime anterior a 7.7.7, utilizado en OS X anterior a 10.10.4 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, y CVE-2015-3668. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code atom within the Media Information (minf) atom. By malforming this atom, an attacker can cause memory to be accessed after it has been freed. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204942 http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •