
CVSS: 6.8 | EPSS: 24% | CPEs: 1 | EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the properties for the QuickTime browser plugin. By manipulating a QuickTime object's properties, an attacker can force a dangling pointer to be reused after it has been freed.

• http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html
• http://support.apple.com/kb/HT204947
• http://www.securityfocus.com/bid/75498
• http://www.securitytracker.com/id/1032756
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 9% | CPEs: 2 | EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code atom within the Media Information (minf) atom. By malforming this atom, an attacker can cause memory to be accessed after it has been freed.

• http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
• http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html
• http://support.apple.com/kb/HT204942
• http://support.apple.com/kb/HT204947
• http://www.securityfocus.com/bid/75493
• http://www.securitytracker.com/id/1032756
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 24% | CPEs: 2 | EXPL: 0

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI Image Files. By providing a malformed file, an attacker can overflow a fixed-size region of the heap.

• http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html
• http://support.apple.com/kb/HT204947
• http://www.securityfocus.com/bid/75497
• http://www.securitytracker.com/id/1032756
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 39% | CPEs: 1 | EXPL: 0

Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the 'mvhd' atom. By providing a malformed version and flags, an attacker is able to create controllable memory corruption and trigger an arbitrary write operation.

• http://support.apple.com/kb/HT6443
• http://www.securityfocus.com/bid/68852
• http://www.securitytracker.com/id/1030638
• http://zerodayinitiative.com/advisories/ZDI-14-264
• https://support.apple.com/kb/HT6493
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 5% | CPEs: 45 | EXPL: 0

Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the stsz atom. By creating a deliberately malformed stsz atom, an attacker is able to cause a heap overflow within the QuickTime parser.

• http://support.apple.com/kb/HT6151
• http://www.securityfocus.com/bid/65786
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer