CVSS: 10.0EPSS: 9%CPEs: 6EXPL: 0CVE-2010-0062 – Apple QuickTime H.263 Array Index Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0062
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation. Desbordamiento de búfer basado en memoria dinámica en CoreMedia y QuickTime en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a usuarios remtos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de video modificado con una codificación H.263. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the parsing of H.263 media files. The code within QuickTime trusts various values from MDAT structures and uses them during operations on heap memory. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510510/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6626 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0508
https://notcve.org/view.php?id=CVE-2010-0508
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. Mail en Apple Mac OS X en versiones anteriores a la v10.6.3 no deshabilita las reglas de filtrado asociadas con una cuenta de correo eliminada, lo que tiene un impacto y vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 •
CVSS: 6.8EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0513
https://notcve.org/view.php?id=CVE-2010-0513
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. Desbordamiento de búfer basado en pila PS Normalizer en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un documento PostScript manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://osvdb.org/63409 http://support.apple.com/kb/HT4077 http://www.securityfocus.com/bid/39151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0512
https://notcve.org/view.php?id=CVE-2010-0512
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. La implementación de Preferencias de las Cuentas -Accounts Preferences- en Apple Mac OS X v10.6 anterior a v10.6.3 cuando se está usando un servidor de cuenta de red, no soporta el control de acceso de Login Window que se basa únicamente en pertenencia a grupos. Esto permite a atacantes evitar las restricciones de acceso pretendidas introduciendo credenciales de registro. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/bid/39153 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2010-0514
https://notcve.org/view.php?id=CVE-2010-0514
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. Desbordamiento de búfer basado en pila en QuickTime de Apple Mac OS X anterior a 10.6.3, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de una película manipulada con codificación H.261. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7043 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •