NotCVE - vendor:"Apple" product:"Quicktime"

Page 42 of 271 results (0.008 seconds)

CVSS: 7.1EPSS: 79%CPEs: 2EXPL: 0

CVE-2007-0588

https://notcve.org/view.php?id=CVE-2007-0588

The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. La función InternalUnpackBits en Apple QuickDraw, como ha sido usado en Quicktime 7.1.3 y otras aplicaciones de Mac OS X 10.4.8 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección mediante un fichero PICT artesanal que provoca una corrupción de memoria en la función _GetSrcBits32ARGB. NOTA: este asunto puede estar solapado con CVE-2007-0462. • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/24479 http://security-protocols.com/sp-x43-advisory.php http://www.kb.cert.org/vuls/id/396820 http://www.osvdb.org/33365 http://www.securityfocus.com/bid/22228 http://www.securitytracker.com/id?1017760 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www.vupen.com/english/advisories/2007/0930 •

CVSS: 10.0EPSS: 87%CPEs: 2EXPL: 1

CVE-2007-0462 – Apple Mac OSX 10.4.8 - QuickDraw GetSrcBits32ARGB Remote Memory Corruption

https://notcve.org/view.php?id=CVE-2007-0462

The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. La función _GetSrcBits32ARGB en App Apple QuickDraw, tal y como lo usa Quicktime 7.1.3 y otras aplicaciones en Mac OS X 10.4.8 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante una imagen PICT manipulada con un registro Alpha RGB (ARGB) mal formado, que dispara corrupción de memoria. • https://www.exploit-db.com/exploits/29509 http://projects.info-pull.com/moab/MOAB-23-01-2007.html http://secunia.com/advisories/23859 http://www.osvdb.org/32696 http://www.securityfocus.com/bid/22207 http://www.vupen.com/english/advisories/2007/0337 https://exchange.xforce.ibmcloud.com/vulnerabilities/31698 •

CVSS: 6.8EPSS: 12%CPEs: 2EXPL: 2

CVE-2007-0059 – Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting

https://notcve.org/view.php?id=CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. Vulnerabilidad de secuencias de comandos en zonas cruzadas en Apple Quicktime 3 hasta 7.1.3 permite a atacantes remotos con la ayuda del usuario ejecutar código de su elección y listar contenidos del sistema de ficheros mediante un película QuickTime (.MOV) con una pista HREF (HREFTrack) que contiene una etiqueta de acción automática con una URI local, que se ejecuta en una zona local durante la previsualización, tal y como se explota por un gusano MySpace. • https://www.exploit-db.com/exploits/3077 http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://osvdb.org/31164 http://projects.info-pull.com/moab/MOAB-03-01-2007.html http://www.gnucitizen.org/blog/backdooring-quicktime-movies http://www.kb.cert.org/vuls/id/304064 •

CVSS: 6.8EPSS: 96%CPEs: 1EXPL: 6

CVE-2007-0015 – Apple QuickTime - 'rtsp URL Handler' Remote Stack Buffer Overflow

https://notcve.org/view.php?id=CVE-2007-0015

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. Un desbordamiento de búfer en Apple QuickTime versión 7.1.3, permite a atacantes remotos ejecutar código arbitrario por medio de un URI rtsp:// largo. • https://www.exploit-db.com/exploits/3064 https://www.exploit-db.com/exploits/3072 https://www.exploit-db.com/exploits/16527 http://docs.info.apple.com/article.html?artnum=304989 http://isc.sans.org/diary.html?storyid=2094 http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html http://lists.apple.com/archives/Security-announce/2007/Jan/msg00000.html http://projects.info-pull.com/moab/MOAB-01-01-2007.html http://secunia.com/advisories/23540 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 4

CVE-2006-4965 – Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution

https://notcve.org/view.php?id=CVE-2006-4965

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. Apple QuickTime 7.1.3 Player y sus plug-ins permiten a un atacante remoto ejecutar código JavaScript de su elección y posiblemente llevar a cabo otros ataques mediante un archivo QuickTime Media Link (QTL) con un elemento XML embebido y un parámetro qtnext que identifica recursos fuera del dominio original. NOTA: a fecha del 12-09-2007, este problema fue demostrado utilizando instancias de Components.interfaces.nsILocalFile y Components.interfaces.nsIProcess para ejecutar archivos locales de su elección en Firefox y posiblemente Internet Explorer. • https://www.exploit-db.com/exploits/28639 http://docs.info.apple.com/article.html?artnum=305149 http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html http://secunia.com/advisories/22048 http://secunia.com/advisories/27414 http://securityreason.com/securityalert/1631 http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox http://www.gnucitizen.org/blog/backdooring-mp3-files http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up http://www.kb.cert.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •

1...40 41 42 43 44