CVSS: 9.3EPSS: 62%CPEs: 55EXPL: 0CVE-2013-1020 – Apple QuickTime MJPEG Frame stsd Atom Heap Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1020
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file. Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de datos JPEG manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing a mjpeg movie with an improper jpeg frame size via the stsd atom. When processing the movie, the size of the destination buffer for jpeg contents is specified separately from the JPEG size. • http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16365 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 3%CPEs: 55EXPL: 0CVE-2013-1021 – Apple QuickTime stsd Atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1021
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de datos JPEG manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the stsd atom. A malformed stsd atom can be used to cause heap corruption. • http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16728 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 55EXPL: 0CVE-2013-1022 – Apple QuickTime mvhd Atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1022
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de 7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos mvhd manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mvhd atom. A malformed mvhd atom can be used to cause heap corruption. • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16838 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 51EXPL: 0CVE-2012-3751
https://notcve.org/view.php?id=CVE-2012-3751
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element. Vulnerabilidad de uso después de liberación en Apple QuickTime antes de v7.7.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un documento HTML con un parámetro _qtactivex_ manipulado en un elemento OBJECT. • http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html http://secunia.com/advisories/51226 http://support.apple.com/kb/HT5581 https://exchange.xforce.ibmcloud.com/vulnerabilities/79897 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16166 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 97%CPEs: 51EXPL: 1CVE-2012-3752 – Apple QuickTime 7.7.2 - TeXML Style Element font-table Field Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-3752
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. Múltiples desbordamientos de búfer en Apple QuickTime antes de v7.7.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un elemento style manipulado en un archivo QuickTime TeXML. • https://www.exploit-db.com/exploits/22905 http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html http://packetstormsecurity.com/files/118359/Apple-QuickTime-7.7.2-TeXML-Style-Element-font-table-Field-Stack-Buffer-Overflow.html http://secunia.com/advisories/51226 http://support.apple.com/kb/HT5581 http://www.securityfocus.com/bid/56557 https://exchange.xforce.ibmcloud.com/vulnerabilities/79899 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •