CVSS: 6.8EPSS: 1%CPEs: 140EXPL: 0CVE-2012-0660
https://notcve.org/view.php?id=CVE-2012-0660
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Desbordamiento de búfer en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo MPEG modificado. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53469 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2012-0661 – Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0661
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. Vulnerabilidad de error en la gestión de recursos en QuickTime en Apple Mac OS X v10.7.x antes de v10.7.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película modificado, con codificación JPEG2000 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles movies with the jpeg2k codec. When the size for a sample defined in the stsz atom is too big the QuickTime player fails to allocate the required memory for that sample. A pointer to the previous sample data still exists after the previous sample got freed. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53466 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 54%CPEs: 140EXPL: 0CVE-2012-0659 – Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0659
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Desbordamiento de entero en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo MPEG modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application calculates the padding for an MPEG sample. When calculating the padding, the MPEG library will subtract this from another length without checking for underflow. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53467 • CWE-189: Numeric Errors •
CVSS: 6.9EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0649
https://notcve.org/view.php?id=CVE-2012-0649
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Condición de carrera en la rutina de inicialización en el Bluetooth en Apple Mac OS X antes de v10.7.4 permite a usuarios locales conseguir privilegios a través de vectores relacionados con un archivo temporal. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53456 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0654
https://notcve.org/view.php?id=CVE-2012-0654
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. libsecurity en Apple Mac OS X antes de v10.7.4 acceda a posiciones de memoria sin inicializar durante la tramitación de los certificados X.509, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un certificado modificado. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53471 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •