CVE-2014-1245 – Apple QuickTime stsz Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1245
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file. Error de signo de enteros en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un átomo stsz manipulado en un archivo de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the stsz atom. By providing a malicious value inside of the stsz atom, an attacker is able to influence the destination of a data write. • http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6151 • CWE-189: Numeric Errors •
CVE-2014-1246 – Apple QuickTime ftab Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1246
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. Desbordamiento de buffer en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un átomo ftab manipulado en un archivo de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the ftab atom. By providing an overly large font name, an attacker can overflow a fixed size stack buffer. • http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-1247 – Apple QuickTime dref Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1247
Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file. Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un átomo dref manipulado en un archivo de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dref atom. It is possible for an attacker to nest atoms within the dref atom that have sizes larger than the enclosing atom. • http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-1250
https://notcve.org/view.php?id=CVE-2014-1250
Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file. Apple QuickTime anterior a 7.7.5 no realiza debidamente una operación de intercambio de bytes, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un elemento ttfo manipulado en un archivo de vídeo. • http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-1248
https://notcve.org/view.php?id=CVE-2014-1248
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file. Desbordamiento de buffer en Apple QuickTime anterior a 7.7.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un átomo ldat manipulado en un archivo de vídeo. • http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •