CVSS: 9.3EPSS: 94%CPEs: 6EXPL: 0CVE-2007-4676 – Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-4676
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.3 permite a atacantes remotos ejecutar código de su elección mediante elementos mal formados cuando se analizan los códigos de operación (opcodes) (1)Poly type (0x0070 hasta 0x0074) y (2) PackBitsRgn field (0x0099)en una imagen PICT. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure heap corruption occurs. • http://docs.info.apple.com/article.html?artnum=306896 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html http://osvdb.org/38546 http://secunia.com/advisories/27523 http://securityreason.com/securityalert/3351 http://www.kb.cert.org/vuls/id/690515 http://www.securityfocus.com/archive/1/483311/100/0/threaded http://www.securityfocus.com/archive/1/483313/100/0/threaded http://www.securityfocus.com/bid/26345 http://www.securitytracker.com/id?1018894 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 77%CPEs: 6EXPL: 0CVE-2007-4677 – Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-4677
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.3 permite a atacantes remotos ejecutar código de su elección mediante un tamaño inválido de tabla de color cuando se analiza el átomo de tabla de color (color table atom o CTAB) en un archivo de película, relacionado con los valores CTAB RGB. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. • http://docs.info.apple.com/article.html?artnum=306896 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html http://secunia.com/advisories/27523 http://securityreason.com/securityalert/3352 http://www.kb.cert.org/vuls/id/445083 http://www.osvdb.org/38544 http://www.securityfocus.com/archive/1/483312/100/0/threaded http://www.securityfocus.com/bid/26338 http://www.securitytracker.com/id?1018894 http://www.us-cert.gov/cas/techalerts/TA07-310A.html http&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 25%CPEs: 6EXPL: 0CVE-2007-4672 – Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-4672
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. Desbordamiento de búfer basado en pila en Apple QuickTime anterior a 7.3 permite a atacantes remotos ejecutar código de su elección mediante una longitud de código de operación (opcode) UncompressedQuickTimeData inválida en una imagen PICT. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack based buffer overflow occurs, allowing the execution of arbitrary code. • http://docs.info.apple.com/article.html?artnum=306896 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html http://osvdb.org/38547 http://secunia.com/advisories/27523 http://securityreason.com/securityalert/3350 http://www.securityfocus.com/archive/1/483314/100/0/threaded http://www.securityfocus.com/bid/26344 http://www.securitytracker.com/id?1018894 http://www.us-cert.gov/cas/techalerts/TA07-310A.html http://www.vupen.com/english/advisories/2007/3723 h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 16EXPL: 0CVE-2007-3758
https://notcve.org/view.php?id=CVE-2007-3758
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Safari en Apple iPhone versión 1.1.1 y Safari versión 3 anterior a beta Update 3.0.4 en Windows y en Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos ajustar las propiedades de ventana de Javascript para las páginas web que están en un dominio diferente, el cual puede ser aprovechado para conducir ataques de tipo cross-site scripting (XSS). • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25857 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0CVE-2007-4671
https://notcve.org/view.php?id=CVE-2007-4671
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Una vulnerabilidad no especificada de Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos "alter or access" al contenido HTTPS por medio de una sesión HTTP con una página web diseñada que causa que Javascript sea aplicado a páginas HTTPS del mismo dominio. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25852 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-20: Improper Input Validation •