CVSS: 9.3EPSS: 62%CPEs: 55EXPL: 0CVE-2013-1020 – Apple QuickTime MJPEG Frame stsd Atom Heap Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1020
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file. Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de datos JPEG manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing a mjpeg movie with an improper jpeg frame size via the stsd atom. When processing the movie, the size of the destination buffer for jpeg contents is specified separately from the JPEG size. • http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16365 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 97%CPEs: 55EXPL: 1CVE-2013-1017 – Apple QuickTime dref Volume Name Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1017
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de 7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos dref manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a MOV file. A dref atom can contain information specifying a past location of the MOV file. • https://www.exploit-db.com/exploits/27012 http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16606 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 14%CPEs: 65EXPL: 0CVE-2012-0666 – Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0666
Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object. Desbordamiento de búfer basado en pila en el plug-in de QuickTime de Apple antes de v7.7.2 en Windows permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un objeto QTMovie modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Quicktime.qts. The stack buffer overflow occurs as a result of an unbounded string copy function in Quicktime.qts, reachable through the IQTPluginControl::SetLanguage COM method exposed by the COM object QTPlugin.ocx. • http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://www.securityfocus.com/bid/53577 http://www.securitytracker.com/id?1027065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16123 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 14%CPEs: 65EXPL: 0CVE-2012-0664 – Apple QuickTime Text Track Descriptor Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0664
Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file. Desbordamiento de búfer basado en memoria dinámica en antes de Apple QuickTime v7.7.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una pista de texto manipulada en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles text track descriptors. Values for almost all of the text descriptors recognized by QuickTime will be read into a fixed-length buffer. • http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://www.securityfocus.com/bid/53574 http://www.securitytracker.com/id?1027065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16148 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 65EXPL: 0CVE-2012-0669 – Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0669
Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. Desbordamiento de búfer en Apple QuickTime antes de 7.7.2 en Windows que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película modificado que tenga codificación Sorenson. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles file with the Sorenson v3 Codec. When parsing the data inside the svq3 stream QuickTime does not verify the value for the mb_skip_run value it reads from the data. • http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://www.securityfocus.com/bid/53580 http://www.securitytracker.com/id?1027065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16119 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •