CVE-2013-0987
https://notcve.org/view.php?id=CVE-2013-0987
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file. Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo QTIF modificado. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 http://support.apple.com/kb/HT5784 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16759 • CWE-399: Resource Management Errors •
CVE-2013-1018 – Apple QuickTime 3GP Parsing Remote Code Execution Vunerability
https://notcve.org/view.php?id=CVE-2013-1018
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. Desbordamiento de búfer en Apple QuickTime antes de 7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película modificado con codificación H.264. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of H.264 compressed data. Lengths specified within the file are not properly validated before being used as a size in a memory copy. • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16799 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1021 – Apple QuickTime stsd Atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1021
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de datos JPEG manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the stsd atom. A malformed stsd atom can be used to cause heap corruption. • http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16728 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1022 – Apple QuickTime mvhd Atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1022
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de 7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos mvhd manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mvhd atom. A malformed mvhd atom can be used to cause heap corruption. • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16838 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1019 – Apple QuickTime Sorenson Video mdat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1019
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película manipulado con la codificación Sorenson. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of a malformed Sorenson Video 3 mdat section in a QuickTime mov file. This can lead to memory corruption that could lead to remote code execution under the context of the process. • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5770 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16830 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •