The version of QuickTime installed on the remote Windows host is older than 7.7.1 and may be affected by the following vulnerabilities:
- A cross-site scripting issue exists in HTML files generated by the 'Save for Web' export feature. (CVE-2011-3218)
- A buffer overflow error exists in the handling of H.264 encoded video files. (CVE-2011-3219)
- An error exists in the processing of URL data handlers in movie files and can allow access to uninitialized areas of memory. (CVE-2011-3220)
- An error exists in the handling of the 'atoms' hierarchy as well as 'TKHD atoms' in movie files. (CVE-2011-3221, CVE-2011-3251)
- Buffer overflow errors exist in the processing of FlashPix, FLIC, PICT and FLC-encoded files. (CVE-2011-3222, CVE-2011-3223, CVE-2011-3247, CVE-2011-3249)
- An unspecified error can allow memory corruption when viewing certain video files. (CVE-2011-3228)
- An error related to signedness exists in the handling of font tables in QuickTime video files. (CVE-2011-3248)
- An integer overflow error exists in the handling of JPEG2000 encoded video files. (CVE-2011-3250)
{"id": "QUICKTIME_771.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)", "description": "The version of QuickTime installed on the remote Windows host is older than 7.7.1 and may be affected by the following vulnerabilities :\n\n - A cross-site scripting issue exists in HTML files generated by the 'Save for Web' export feature.\n (CVE-2011-3218)\n\n - A buffer overflow error exists in the handling of H.264 encoded video files. (CVE-2011-3219)\n\n - An error exists in the processing of URL data handlers in movie files and can allow access to uninitialized areas of memory. (CVE-2011-3220)\n\n - An error exists in the handling of the 'atoms' hierarchy as well as 'TKHD atoms' in movie files.\n (CVE-2011-3221, CVE-2011-3251)\n\n - Buffer overflow errors exist in the processing of of FlashPix, FLIC, PICT and FLC-encoded files. (CVE-2011-3222, CVE-2011-3223, CVE-2011-3247, CVE-2011-3249)\n\n - An unspecified error can allow memory corruption when viewing certain video files. (CVE-2011-3228)\n\n - An error related to signedness exists in the handling of font tables in QuickTime video files. (CVE-2011-3248)\n\n - An integer overflow error exists in the handling of JPEG2000 encoded video files. 
(CVE-2011-3250)", "published": "2011-10-28T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/56667", "reporter": "This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.", "references": ["http://www.securityfocus.com/archive/1/523931/30/0/threaded", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3223", "http://www.zerodayinitiative.com/advisories/ZDI-11-295/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3221", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3247", "https://www.zerodayinitiative.com/advisories/ZDI-11-314/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3219", "https://www.zerodayinitiative.com/advisories/ZDI-11-313/", "http://www.zerodayinitiative.com/advisories/ZDI-12-136/", "https://www.zerodayinitiative.com/advisories/ZDI-11-316/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3250", "https://www.zerodayinitiative.com/advisories/ZDI-11-315/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3220", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3249", "https://support.apple.com/en-us/HT5016", "https://www.zerodayinitiative.com/advisories/ZDI-11-311/", "https://www.zerodayinitiative.com/advisories/ZDI-11-312/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3228", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3251", 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3248", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3222", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3218", "http://www.zerodayinitiative.com/advisories/ZDI-11-303/"], "cvelist": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"], "immutableFields": [], "lastseen": "2023-01-11T14:36:48", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2012-168"]}, {"type": "cve", "idList": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"]}, {"type": "nessus", "idList": ["6037.PRM", "6039.PRM", "6052.PRM", "6303.PRM", "801196.PRM", "APPLE_IOS_50_CHECK.NBIN", "ITUNES_10_5.NASL", "ITUNES_10_5_BANNER.NASL", "MACOSX_10_7_2.NASL", "MACOSX_10_7_3.NASL", "MACOSX_SECUPD2011-006.NASL", "MACOSX_SECUPD2012-001.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802193", "OPENVAS:1361412562310802198", "OPENVAS:1361412562310802336", "OPENVAS:1361412562310802392", "OPENVAS:802193", "OPENVAS:802198", "OPENVAS:802336", "OPENVAS:802392"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27155", "SECURITYVULNS:DOC:27156", "SECURITYVULNS:DOC:27182", "SECURITYVULNS:DOC:27218", "SECURITYVULNS:DOC:27220", "SECURITYVULNS:DOC:27224", "SECURITYVULNS:DOC:27225", "SECURITYVULNS:DOC:27226", "SECURITYVULNS:DOC:27227", "SECURITYVULNS:DOC:27228", "SECURITYVULNS:DOC:27229", "SECURITYVULNS:DOC:27424", "SECURITYVULNS:DOC:27514", "SECURITYVULNS:DOC:27515", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:DOC:28389", "SECURITYVULNS:VULN:11973", "SECURITYVULNS:VULN:11974", "SECURITYVULNS:VULN:12002", "SECURITYVULNS:VULN:12164"]}, {"type": "seebug", "idList": 
["SSV:21013", "SSV:21027", "SSV:23138", "SSV:23143", "SSV:23144", "SSV:23145", "SSV:23149"]}, {"type": "zdi", "idList": ["ZDI-11-295", "ZDI-11-303", "ZDI-11-311", "ZDI-11-312", "ZDI-11-313", "ZDI-11-314", "ZDI-11-315", "ZDI-11-316", "ZDI-11-340", "ZDI-12-004", "ZDI-12-005", "ZDI-12-136"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"]}, {"type": "nessus", "idList": ["QUICKTIME_INSTALLED.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802198"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27155"]}, {"type": "seebug", "idList": ["SSV:23145"]}, {"type": "zdi", "idList": ["ZDI-11-295", "ZDI-11-303", "ZDI-11-311", "ZDI-11-312", "ZDI-11-313", "ZDI-11-314", "ZDI-11-315", "ZDI-11-316", "ZDI-11-340", "ZDI-12-004", "ZDI-12-005", "ZDI-12-136"]}]}, "exploitation": null, "vulnersScore": 0.7}, "_state": {"dependencies": 1673449426, "score": 1673449353}, "_internal": {"score_hash": "694b6f4165ffb7169460145d2241b78f"}, "pluginID": "56667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56667);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2011-3218\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3228\",\n \"CVE-2011-3247\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3251\"\n );\n script_bugtraq_id(\n 50068,\n 50100,\n 50101,\n 50122,\n 50127,\n 50130,\n 50131,\n 50399,\n 50400,\n 50401,\n 50403,\n 50404\n );\n\n script_name(english:\"QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks version of QuickTime on 
Windows\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains an application that may be affected\nby multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of QuickTime installed on the remote Windows host is\nolder than 7.7.1 and may be affected by the following \nvulnerabilities :\n\n - A cross-site scripting issue exists in HTML files\n generated by the 'Save for Web' export feature.\n (CVE-2011-3218)\n\n - A buffer overflow error exists in the handling of\n H.264 encoded video files. (CVE-2011-3219)\n\n - An error exists in the processing of URL data handlers \n in movie files and can allow access to uninitialized \n areas of memory. (CVE-2011-3220)\n\n - An error exists in the handling of the 'atoms' \n hierarchy as well as 'TKHD atoms' in movie files.\n (CVE-2011-3221, CVE-2011-3251)\n\n - Buffer overflow errors exist in the processing of\n of FlashPix, FLIC, PICT and FLC-encoded files. \n (CVE-2011-3222, CVE-2011-3223, CVE-2011-3247, \n CVE-2011-3249)\n\n - An unspecified error can allow memory corruption when\n viewing certain video files. (CVE-2011-3228)\n\n - An error related to signedness exists in the handling \n of font tables in QuickTime video files. (CVE-2011-3248)\n\n - An integer overflow error exists in the handling of \n JPEG2000 encoded video files. 
(CVE-2011-3250)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-295/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-313/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-314/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-315/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-316/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT5016\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to QuickTime 7.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/27\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:quicktime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"quicktime_installed.nasl\");\n script_require_keys(\"SMB/QuickTime/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"SMB/QuickTime/\";\n\nversion = get_kb_item_or_exit(kb_base+\"Version\");\nversion_ui = get_kb_item(kb_base+\"Version_UI\");\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nfixed_version = \"7.71.80.42\";\nfixed_version_ui = \"7.7.1 (1680.42)\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n set_kb_item(name: 'www/0/XSS', value: TRUE);\n if (report_verbosity > 0)\n {\n path = get_kb_item(kb_base+\"Path\");\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version_report+\n '\\n Fixed version : '+fixed_version_ui+'\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The QuickTime \"+version_report+\" install on the host is not affected.\");\n", "naslFamily": "Windows", "cpe": ["cpe:/a:apple:quicktime"], "solution": "Upgrade to QuickTime 7.7.1 or later.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", 
"patchPublicationDate": "2011-10-28T00:00:00", "vulnerabilityPublicationDate": "2011-10-27T00:00:00", "exploitableWith": []}
{"nessus": [{"lastseen": "2023-01-11T14:36:24", "description": "Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :\n\n - A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)\n\n - An uninitialized memory access issue exists in the handling of URL data handlers within movie file. (CVE-2011-3220)\n\n - An implementation issue exists in the handling of the atom hierarchy within a movie files. (CVE-2011-3221)\n\n - A cross-site scripting issue exists int he Save for Web export. (CVE-2011-3218)\n\n - A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)\n\n - A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)\n\n - Multiple memory corruption issues exist in the handling of movie files. (CVE-2011-3228)\n\n - An integer overflow issue exists in the handling of PICT files. (CVE-2011-3247)\n\n - A signedness issue exists in the handling of font tables embedded n QuickTime movie files.\n\n - A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)\n\n - An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)\n\n - A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. 
(CVE-2011-3251)", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "nessus", "title": "QuickTime < 7.7.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*"], "id": "6052.PRM", "href": "https://www.tenable.com/plugins/nnm/6052", "sourceData": "Binary data 6052.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:22", "description": "Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :\n\n - A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)\n\n - An uninitialized memory access issue exists in the handling of URL data handlers within movie file. (CVE-2011-3220)\n\n - An implementation issue exists in the handling of the atom hierarchy within a movie files. (CVE-2011-3221)\n\n - A cross-site scripting issue exists int he Save for Web export. (CVE-2011-3218)\n\n - A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)\n\n - A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)\n\n - Multiple memory corruption issues exist in the handling of movie files. 
(CVE-2011-3228)\n\n - An integer overflow issue exists in the handling of PICT files. (CVE-2011-3247)\n\n - A signedness issue exists in the handling of font tables embedded n QuickTime movie files.\n\n - A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)\n\n - An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)\n\n - A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. (CVE-2011-3251)", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "nessus", "title": "QuickTime < 7.7.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251"], "modified": "2011-10-27T00:00:00", "cpe": [], "id": "801196.PRM", "href": "https://www.tenable.com/plugins/lce/801196", "sourceData": "Binary data 801196.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:42", "description": "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. 
This version contains numerous security-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreMedia\n - CoreProcesses\n - CoreStorage\n - File Systems\n - iChat Server\n - Kernel\n - libsecurity\n - Open Directory\n - PHP\n - python\n - QuickTime\n - SMB File Server\n - X11", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1634", "CVE-2010-2089", "CVE-2011-0185", "CVE-2011-0187", "CVE-2011-0226", "CVE-2011-0230", "CVE-2011-0260", "CVE-2011-1521", "CVE-2011-1755", "CVE-2011-1910", "CVE-2011-2464", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3192", "CVE-2011-3212", "CVE-2011-3213", "CVE-2011-3215", "CVE-2011-3216", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3225", "CVE-2011-3226", "CVE-2011-3227", "CVE-2011-3228", "CVE-2011-3246", "CVE-2011-3435", "CVE-2011-3436", "CVE-2011-3437"], "modified": 
"2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_7_2.NASL", "href": "https://www.tenable.com/plugins/nessus/56480", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56480);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2011-0185\",\n \"CVE-2011-0187\",\n \"CVE-2011-0226\",\n \"CVE-2011-0230\",\n \"CVE-2011-0260\",\n \"CVE-2011-1521\",\n \"CVE-2011-1755\",\n \"CVE-2011-1910\",\n \"CVE-2011-2464\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3192\",\n \"CVE-2011-3212\",\n \"CVE-2011-3213\",\n \"CVE-2011-3215\",\n \"CVE-2011-3216\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3225\",\n \"CVE-2011-3226\",\n \"CVE-2011-3227\",\n \"CVE-2011-3228\",\n \"CVE-2011-3246\",\n \"CVE-2011-3435\",\n \"CVE-2011-3436\",\n \"CVE-2011-3437\"\n );\n script_bugtraq_id(\n 40370,\n 40863,\n 48007,\n 48250,\n 48566,\n 48618,\n 48619,\n 48660,\n 49303,\n 50085,\n 50092,\n 50100,\n 50101,\n 50109,\n 50112,\n 50113,\n 50114,\n 50115,\n 50116,\n 50120,\n 50121,\n 50127,\n 50129,\n 50130,\n 50131,\n 50144,\n 50146,\n 50153 \n );\n\n script_name(english:\"Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.7.x that is prior\nto 10.7.2. 
This version contains numerous security-related fixes for\nthe following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreMedia\n - CoreProcesses\n - CoreStorage\n - File Systems\n - iChat Server\n - Kernel\n - libsecurity\n - Open Directory\n - PHP\n - python\n - QuickTime\n - SMB File Server\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-1]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:24", "description": "Versions of Mac OS X 10.7 earlier than 10.7.2 are potentially affected by a security issue. 
Mac OS X 10.7.2 contains a security fix for the following products : \n\n - Apache\n\n - Application Firewall\n\n - ATS\n\n - BIND\n\n - Certificate Trust Policy\n\n - CFNetwork\n\n - CoreMedia\n\n - CoreProcesses\n\n - CoreStorage\n\n - File Systems\n\n - iChat Server\n\n - Kernel\n\n - libsecurity\n\n - Open Directory\n\n - PHP\n\n - python\n\n - QuickTime\n\n - SMB File Server\n\n - X11", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X 10.7 < 10.7.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1634", "CVE-2010-2089", "CVE-2011-0185", "CVE-2011-0187", "CVE-2011-0226", "CVE-2011-0230", "CVE-2011-0260", "CVE-2011-1521", "CVE-2011-1755", "CVE-2011-1910", "CVE-2011-2464", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3192", "CVE-2011-3212", "CVE-2011-3213", "CVE-2011-3215", "CVE-2011-3216", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3225", "CVE-2011-3226", "CVE-2011-3227", "CVE-2011-3228", "CVE-2011-3246", "CVE-2011-3435", "CVE-2011-3436", "CVE-2011-3437"], 
"modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "6039.PRM", "href": "https://www.tenable.com/plugins/nnm/6039", "sourceData": "Binary data 6039.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:08", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-006)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4022", "CVE-2010-0097", "CVE-2010-1157", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-2227", 
"CVE-2010-3436", "CVE-2010-3613", "CVE-2010-3614", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4645", "CVE-2011-0013", "CVE-2011-0185", "CVE-2011-0224", "CVE-2011-0229", "CVE-2011-0230", "CVE-2011-0231", "CVE-2011-0249", "CVE-2011-0250", "CVE-2011-0251", "CVE-2011-0252", "CVE-2011-0259", "CVE-2011-0411", "CVE-2011-0419", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0534", "CVE-2011-0707", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1521", "CVE-2011-1755", "CVE-2011-1910", "CVE-2011-2464", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3192", "CVE-2011-3213", "CVE-2011-3214", "CVE-2011-3217", "CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3224", "CVE-2011-3228"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2011-006.NASL", "href": "https://www.tenable.com/plugins/nessus/56481", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56481);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-4022\",\n \"CVE-2010-0097\",\n \"CVE-2010-1157\",\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2010-2227\",\n \"CVE-2010-3436\",\n \"CVE-2010-3613\",\n \"CVE-2010-3614\",\n \"CVE-2010-3718\",\n \"CVE-2010-4172\",\n \"CVE-2010-4645\",\n \"CVE-2011-0013\",\n \"CVE-2011-0185\",\n \"CVE-2011-0224\",\n \"CVE-2011-0229\",\n \"CVE-2011-0230\",\n \"CVE-2011-0231\",\n \"CVE-2011-0249\",\n \"CVE-2011-0250\",\n \"CVE-2011-0251\",\n \"CVE-2011-0252\",\n \"CVE-2011-0259\",\n \"CVE-2011-0411\",\n \"CVE-2011-0419\",\n \"CVE-2011-0420\",\n \"CVE-2011-0421\",\n \"CVE-2011-0534\",\n \"CVE-2011-0707\",\n 
\"CVE-2011-0708\",\n \"CVE-2011-1092\",\n \"CVE-2011-1153\",\n \"CVE-2011-1466\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1469\",\n \"CVE-2011-1470\",\n \"CVE-2011-1471\",\n \"CVE-2011-1521\",\n \"CVE-2011-1755\",\n \"CVE-2011-1910\",\n \"CVE-2011-2464\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3192\",\n \"CVE-2011-3213\",\n \"CVE-2011-3214\",\n \"CVE-2011-3217\",\n \"CVE-2011-3218\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3224\",\n \"CVE-2011-3228\"\n );\n script_bugtraq_id(\n 37118,\n 37865,\n 39635,\n 40370,\n 40863,\n 41544,\n 44723,\n 45015,\n 45133,\n 45137,\n 45668,\n 46164,\n 46174,\n 46177,\n 46354,\n 46365,\n 46429,\n 46464,\n 46767,\n 46786,\n 46854,\n 46967,\n 46968,\n 46969,\n 46970,\n 46975,\n 46977,\n 48007,\n 48250,\n 48566,\n 48618,\n 48660,\n 49303,\n 50085,\n 50091,\n 50092,\n 50095,\n 50098,\n 50100,\n 50101,\n 50111,\n 50116,\n 50117,\n 50122,\n 50127,\n 50130,\n 50131,\n 50150 \n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-006)\");\n script_summary(english:\"Check for the presence of Security Update 2011-006\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2011-006 applied. 
This update contains numerous\nsecurity-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-295/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) \n{\n packages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[6-9]|201[2-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2011-006 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:20:58", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. 
This update contains multiple security-related fixes for the following components :\n\n - Apache\n - ATS\n - ColorSync\n - CoreAudio\n - CoreMedia\n - CoreText\n - curl\n - Data Security\n - dovecot\n - filecmds\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - SquirrelMail\n - Subversion\n - Tomcat\n - X11", "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1637", "CVE-2010-2813", "CVE-2010-4554", "CVE-2010-4555", "CVE-2011-0200", "CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921", "CVE-2011-1938", "CVE-2011-2023", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2204", "CVE-2011-2483", "CVE-2011-2895", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3252", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3348", "CVE-2011-3389", "CVE-2011-3422", "CVE-2011-3446", "CVE-2011-3448", "CVE-2011-3449", "CVE-2011-3453", "CVE-2011-3457", "CVE-2011-3458", "CVE-2011-3459", "CVE-2011-3460"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2012-001.NASL", "href": "https://www.tenable.com/plugins/nessus/57798", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57798);\n script_version(\"1.26\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2010-1637\",\n \"CVE-2010-2813\",\n \"CVE-2010-4554\",\n \"CVE-2010-4555\",\n \"CVE-2011-0200\",\n \"CVE-2011-1148\",\n \"CVE-2011-1657\",\n \"CVE-2011-1752\",\n \"CVE-2011-1783\",\n \"CVE-2011-1921\",\n \"CVE-2011-1938\",\n \"CVE-2011-2023\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2204\",\n \"CVE-2011-2483\",\n \"CVE-2011-2895\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3252\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3348\",\n \"CVE-2011-3389\",\n \"CVE-2011-3422\",\n \"CVE-2011-3446\",\n \"CVE-2011-3448\",\n \"CVE-2011-3449\",\n \"CVE-2011-3453\",\n \"CVE-2011-3457\",\n \"CVE-2011-3458\",\n \"CVE-2011-3459\",\n \"CVE-2011-3460\"\n );\n script_bugtraq_id(\n 40291,\n 42399,\n 46843,\n 47950,\n 48091,\n 48259,\n 48416,\n 48434,\n 48456,\n 48648,\n 49124,\n 49241,\n 49249,\n 49252,\n 49376,\n 49429,\n 49616,\n 49778,\n 50065,\n 50400,\n 50401,\n 50404,\n 51807,\n 51808,\n 51809,\n 51811,\n 51812,\n 51814,\n 51817,\n 51832\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-02-03-1\");\n script_xref(name:\"CERT\", value:\"403593\");\n script_xref(name:\"CERT\", value:\"410281\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2012-001 applied. 
This update contains multiple\nsecurity-related fixes for the following components :\n\n - Apache\n - ATS\n - ColorSync\n - CoreAudio\n - CoreMedia\n - CoreText\n - curl\n - Data Security\n - dovecot\n - filecmds\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - SquirrelMail\n - Subversion\n - Tomcat\n - X11\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-058/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-103/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-130/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Aug/59\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5130\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2012-001 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nif (\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2012\\.00[1-9]|201[3-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages) ||\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2012\\.001(\\.snowleopard)?\\.1\\.1\\.bom\", string:packages)\n) exit(0, \"The host has Security Update 2012-001 or later installed and therefore is not affected.\");\nelse\n{\n if (report_verbosity > 0)\n {\n security_boms = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\", string:packages);\n\n report = '\\n Installed security updates : ';\n if (security_boms) report += str_replace(find:'\\n', replace:'\\n ', string:security_boms);\n else report += 'n/a';\n report += '\\n';\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:21:23", 
"description": "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components :\n\n - Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11", "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "nessus", "title": "Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1148", "CVE-2011-1167", "CVE-2011-1657", "CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921", "CVE-2011-1938", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-2895", "CVE-2011-2937", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3246", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3256", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-3348", "CVE-2011-3389", "CVE-2011-3422", "CVE-2011-3441", "CVE-2011-3444", "CVE-2011-3446", "CVE-2011-3447", "CVE-2011-3448", "CVE-2011-3449", "CVE-2011-3450", "CVE-2011-3452", "CVE-2011-3453", "CVE-2011-3457", "CVE-2011-3458", "CVE-2011-3459", "CVE-2011-3460", "CVE-2011-3462", "CVE-2011-3463"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_7_3.NASL", "href": 
"https://www.tenable.com/plugins/nessus/57797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57797);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-1148\",\n \"CVE-2011-1167\",\n \"CVE-2011-1657\",\n \"CVE-2011-1752\",\n \"CVE-2011-1783\",\n \"CVE-2011-1921\",\n \"CVE-2011-1938\",\n \"CVE-2011-2192\",\n \"CVE-2011-2202\",\n \"CVE-2011-2483\",\n \"CVE-2011-2895\",\n \"CVE-2011-2937\",\n \"CVE-2011-3182\",\n \"CVE-2011-3189\",\n \"CVE-2011-3246\",\n \"CVE-2011-3248\",\n \"CVE-2011-3249\",\n \"CVE-2011-3250\",\n \"CVE-2011-3256\",\n \"CVE-2011-3267\",\n \"CVE-2011-3268\",\n \"CVE-2011-3328\",\n \"CVE-2011-3348\",\n \"CVE-2011-3389\",\n \"CVE-2011-3422\",\n \"CVE-2011-3441\",\n \"CVE-2011-3444\",\n \"CVE-2011-3446\",\n \"CVE-2011-3447\",\n \"CVE-2011-3448\",\n \"CVE-2011-3449\",\n \"CVE-2011-3450\",\n \"CVE-2011-3452\",\n \"CVE-2011-3453\",\n \"CVE-2011-3457\",\n \"CVE-2011-3458\",\n \"CVE-2011-3459\",\n \"CVE-2011-3460\",\n \"CVE-2011-3462\",\n \"CVE-2011-3463\"\n );\n script_bugtraq_id(\n 46843,\n 46951,\n 47950,\n 48091,\n 48259,\n 48434,\n 49124,\n 49229,\n 49241,\n 49249,\n 49252,\n 49376,\n 49429,\n 49616,\n 49744,\n 49778,\n 50115,\n 50155,\n 50400,\n 50401,\n 50404,\n 50641,\n 51807,\n 51808,\n 51809,\n 51810,\n 51811,\n 51812,\n 51813,\n 51814,\n 51815,\n 51816,\n 51817,\n 51818,\n 51819,\n 51832\n );\n script_xref(name:\"CERT\", value:\"403593\");\n script_xref(name:\"CERT\", value:\"410281\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-058\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-103\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-130\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n 
script_name(english:\"Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.7.x that is prior\nto 10.7.3. The newer version contains multiple security-related fixes\nfor the following components :\n\n - Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-058/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-103/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-130/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Aug/59\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5130\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.7.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-2]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:20:35", "description": "The remote host is running a version of Mac OS X 10.7 that is older than version 10.7.3. 
The newer version contains numerous security-related fixes for the following components :\n\n - Address Book\n - Apache\n - ATS\n - CFNetwork\n - CoreMedia\n - CoreText\n - CoreUI\n - curl\n - Data Security\n - dovecot\n - filecmds\n - ImageIO\n - Internet Sharing\n - Libinfo\n - libresolv\n - libsecurity\n - OpenGL\n - PHP\n - QuickTime\n - Subversion\n - Time Machine\n - WebDAV Sharing\n - Webmail\n - X11", "cvss3": {}, "published": "2012-02-06T00:00:00", "type": "nessus", "title": "Mac OS X 10.7 < 10.7.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1148", "CVE-2011-1167", "CVE-2011-1657", "CVE-2011-1752", "CVE-2011-1783", "CVE-2011-1921", "CVE-2011-1938", "CVE-2011-2023", "CVE-2011-2192", "CVE-2011-2202", "CVE-2011-2204", "CVE-2011-2483", "CVE-2011-2895", "CVE-2011-2937", "CVE-2011-3182", "CVE-2011-3189", "CVE-2011-3246", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3252", "CVE-2011-3256", "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-3348", "CVE-2011-3389", "CVE-2011-3422", "CVE-2011-3441", "CVE-2011-3444", "CVE-2011-3446", "CVE-2011-3447", "CVE-2011-3448", "CVE-2011-3449", "CVE-2011-3450", "CVE-2011-3452", "CVE-2011-3453", "CVE-2011-3457", "CVE-2011-3458", "CVE-2011-3459", "CVE-2011-3460", "CVE-2011-3462", "CVE-2011-3463"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "6303.PRM", "href": "https://www.tenable.com/plugins/nnm/6303", "sourceData": "Binary 
data 6303.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:46", "description": "The version of Apple iTunes on the remote host is prior to version 10.5. It is, therefore, affected by multiple vulnerabilities in the CoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit components. Note that these only affect iTunes for Windows.", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1823", "CVE-2011-0164", "CVE-2011-0200", "CVE-2011-0204", "CVE-2011-0215", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1296", "CVE-2011-1440", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", 
"CVE-2011-2799", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3219", "CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3244", "CVE-2011-3252"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_10_5_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/56470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56470);\n script_version(\"1.48\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2011-0164\",\n \"CVE-2011-0200\",\n \"CVE-2011-0204\",\n \"CVE-2011-0215\",\n \"CVE-2011-0218\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0259\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1296\",\n \"CVE-2011-1440\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n 
\"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3219\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3244\",\n \"CVE-2011-3252\"\n );\n script_bugtraq_id(\n 46262,\n 46614,\n 46785,\n 47029,\n 47604,\n 48437,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50065,\n 50066,\n 50067,\n 50068\n );\n script_xref(name:\"MSVR\", value:\"MSVR11-001\");\n\n script_name(english:\"Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n10.5. It is, therefore, affected by multiple vulnerabilities in the\nCoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit\ncomponents. 
Note that these only affect iTunes for Windows.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-304/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT4981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2011/Oct/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n 
script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"10.5\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:34", "description": "The version of Apple iTunes installed on the remote Windows host is older than 10.5. 
Thus, it is reportedly affected by numerous issues in the following components :\n\n - CoreFoundation\n - ColorSync\n - CoreAudio\n - CoreMedia\n - ImageIO\n - WebKit", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1823", "CVE-2011-0164", "CVE-2011-0200", "CVE-2011-0204", "CVE-2011-0215", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1296", "CVE-2011-1440", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3219", 
"CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3244", "CVE-2011-3252"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_10_5.NASL", "href": "https://www.tenable.com/plugins/nessus/56469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56469);\n script_version(\"1.45\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2011-0164\",\n \"CVE-2011-0200\",\n \"CVE-2011-0204\",\n \"CVE-2011-0215\",\n \"CVE-2011-0218\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0259\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1296\",\n \"CVE-2011-1440\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2820\",\n 
\"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3219\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3244\",\n \"CVE-2011-3252\"\n );\n script_bugtraq_id(\n 46262,\n 46614,\n 46785,\n 47029,\n 47604,\n 48437,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50065,\n 50066,\n 50067,\n 50068\n );\n script_xref(name:\"MSVR\", value:\"MSVR11-001\");\n\n script_name(english:\"Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple iTunes installed on the remote Windows host is\nolder than 10.5. 
Thus, it is reportedly affected by numerous issues in\nthe following components :\n\n - CoreFoundation\n - ColorSync\n - CoreAudio\n - CoreMedia\n - ImageIO\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-304/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT4981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2011/Oct/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"SMB/iTunes/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/iTunes/Version\");\nfixed_version = \"10.5.0.142\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/iTunes/Path\");\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : '+fixed_version+'\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The host is not affected since iTunes \"+version+\" is installed.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:22", "description": "The remote host has iTunes installed, a popular media player for Windows and Mac OS. 
\n\nVersions of iTunes earlier than 10.5 are potentially affected by numerous issues in the following components :\n\n - CoreFoundation\n\n - ColorSync\n\n - CoreAudio\n\n - CoreMedia\n\n - ImageIO\n\n - WebKit", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "iTunes < 10.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1823", "CVE-2011-0164", "CVE-2011-0200", "CVE-2011-0204", "CVE-2011-0215", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0253", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1296", "CVE-2011-1440", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", 
"CVE-2011-3219", "CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3244", "CVE-2011-3252"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*"], "id": "6037.PRM", "href": "https://www.tenable.com/plugins/nnm/6037", "sourceData": "Binary data 6037.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:25:07", "description": "The mobile device is running a version of iOS that is prior to version 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities :\n\n - Apple iOS Calendar Synchronization SSL Certificate Validation Information Disclosure Vulnerability (CVE-2011-3253)\n\n - Apple iOS Calendar Cross-Site Scripting Vulnerability (CVE-2011-3254)\n\n - Apple iOS CFNetwork Information Disclosure Vulnerability (CVE-2011-3255)\n\n - Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability (CVE-2011-3246)\n\n - Apple Mac OS X CoreFoundation Memory Corruption Vulnerability (CVE-2011-0259)\n\n - FreeType Font Document Multiple Memory Corruption Vulnerabilities (CVE-2011-3256)\n\n - Apple Mac OS X QuickTime Cross-Domain Information Disclosure Vulnerability (CVE-2011-0187)\n\n - Apple iOS Mail Cookie Synchronization Validation Information Disclosure Vulnerability (CVE-2011-3257)\n\n - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. 
(CVE-2011-3389)\n\n - Opera Web Browser Information Disclosure Vulnerability\n\n - Apple iOS Home Screen Information Disclosure Vulnerability (CVE-2011-3431)\n\n - libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability (CVE-2011-0192)\n\n - Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability (CVE-2011-0241)\n\n - Apple Mac OS X ICU Buffer Overflow Vulnerability (CVE-2011-0206)\n\n - Apple Kernel TCP Exhaustion Denial of Service Vulnerability (CVE-2011-3259)\n\n - Apple Mac OS X IPV6 Socket Options Denial of Service Vulnerability (CVE-2011-1132)\n\n - Apple iOS Keyboard Information Disclosure Vulnerability (CVE-2011-3245)\n\n - Apple Safari 'libxml' Remote Code Execution Vulnerability (CVE-2011-0216)\n\n - Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer Overflow Vulnerability (CVE-2011-3260)\n\n - Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code Execution Vulnerability (CVE-2011-3261)\n\n - Apple Mac OS X QuickLook Office File Memory Corruption Vulnerability (CVE-2011-0208)\n\n - Apple Mac OS X QuickLook Remote Code Execution Vulnerability (CVE-2011-0184)\n\n - Apple iPhone/iPad/iPod Touch 'Content-Disposition' Header Cross-Site Scripting Vulnerability (CVE-2011-3246)\n\n - Apple iOS Parental Restrictions Passcode Information Disclosure Vulnerability (CVE-2011-3249)\n\n - Apple iOS Insecure Misleading UI Insecure Configuration Weakness (CVE-2011-3430)\n\n - Apple iOS Remote Denial of Service Vulnerability (CVE-2011-3432)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0218)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0221)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0222)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0225)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0232)\n\n - WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability 
(CVE-2011-0233)\n\n - WebKit Malformed XHTML Tags Use-After-Free Memory Corruption Vulnerability (CVE-2011-0234)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0235)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0238)\n\n - WebKit 'NamedNodeMap.cpp' Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0254)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0255)\n\n - Google Chrome prior to 9.0.597.94 Multiple Security Vulnerabilities (CVE-2011-0981)\n\n - Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities (CVE-2011-1109)\n\n - Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities (CVE-2011-1188)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1288)\n\n - Google Chrome prior to 10.0.648.204 Multiple Security Vulnerabilities (CVE-2011-1293)\n\n - Google Chrome prior to 11.0.696.57 Multiple Security Vulnerabilities (CVE-2011-1449)\n\n - WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1453)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1457)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1462)\n\n - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1797)\n\n - WebKit Multiple Unspecified Remote Code Execution Vulnerabilities (CVE-2011-2338)\n\n - WebKit Style Sheet Elements Remote Code Execution Vulnerability (CVE-2011-2341)\n\n - Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities (CVE-2011-2351)\n\n - Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities (CVE-2011-2359)\n\n - Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities (CVE-2011-2823)\n\n - Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code Execution Vulnerability (CVE-2011-3232)\n\n - Google Chrome Prior to 
14.0.835.163 Multiple Security Vulnerabilities (CVE-2011-3234)\n\n - WebKit Embedded URL Cross Domain Scripting Vulnerability (CVE-2011-0242)\n\n - WebKit Address Bar URI Spoofing Vulnerability (CVE-2011-1107)\n\n - WebKit 'libxslt' Remote Code Execution Vulnerability (CVE-2011-1774)\n\n - WebKit 'HTML5' Drag and Drop Cross-Origin Information Disclosure Vulnerability (CVE-2011-0166)\n\n - WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability (CVE-2011-3243)\n\n - Apple iOS WiFi Credentials Information Disclosure Vulnerability (CVE-2011-3234)", "cvss3": {}, "published": "2012-06-19T00:00:00", "type": "nessus", "title": "Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0166", "CVE-2011-0184", "CVE-2011-0187", "CVE-2011-0192", "CVE-2011-0206", "CVE-2011-0208", "CVE-2011-0216", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0238", "CVE-2011-0241", "CVE-2011-0242", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1107", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1132", "CVE-2011-1188", "CVE-2011-1190", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1295", "CVE-2011-1296", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", 
"CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2800", "CVE-2011-2805", "CVE-2011-2809", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2819", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3232", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3243", "CVE-2011-3244", "CVE-2011-3245", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3253", "CVE-2011-3254", "CVE-2011-3255", "CVE-2011-3256", "CVE-2011-3257", "CVE-2011-3259", "CVE-2011-3260", "CVE-2011-3261", "CVE-2011-3389", "CVE-2011-3426", "CVE-2011-3427", "CVE-2011-3429", "CVE-2011-3430", "CVE-2011-3431", "CVE-2011-3432", "CVE-2011-3434"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_50_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/60026", "sourceData": "Binary data apple_ios_50_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-26-1 QuickTime 7.7.1\r\n\r\nQuickTime 7.7.1 is now available and addresses the following:\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nH.264 encoded movie files. For OS X Lion systems, this issue is\r\naddressed in OS X Lion v10.7.2. 
For Mac OS X v10.6 systems, this\r\nissue is addressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime's handling of URL data handlers within movie files. For OS\r\nX Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac\r\nOS X v10.6 systems, this issue is addressed in Security Update\r\n2011-006.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime's handling\r\nof the atom hierarchy within a movie file. For OS X Lion systems,\r\nthis issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6\r\nsystems, this issue is addressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer's "Save for Web" export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is addressed by removing the reference to an\r\nonline script. This issue does not affect OS X Lion systems. 
For Mac\r\nOS X v10.6 systems, this issue is addressed in Security Update\r\n2011-006.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFlashPix files. For OS X Lion systems, this issue is addressed in OS\r\nX Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed\r\nin Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFLIC files. For OS X Lion systems, this issue is addressed in OS X\r\nLion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in\r\nSecurity Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime's handling of movie files. For OS X Lion systems, these\r\nissues are addressed in OS X Lion v10.7.2. 
For Mac OS X v10.6\r\nsystems, these issues are addressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted PICT file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in the handling of\r\nPICT files. This issue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of font\r\ntables embedded in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in the handling of FLC\r\nencoded movie files.\r\nCVE-ID\r\nCVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in the handling of\r\nJPEG2000 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue 
existed in the handling of\r\nTKHD atoms in QuickTime movie files. This issue does not affect Mac\r\nOS X systems.\r\nCVE-ID\r\nCVE-2011-3251 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\n\r\nQuickTime 7.7.1 may be obtained from the QuickTime Downloads site:\r\nhttp://www.apple.com/quicktime/download/\r\n\r\nThe download file is named: "QuickTimeInstaller.exe"\r\nIts SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "title": "APPLE-SA-2011-10-26-1 QuickTime 7.7.1", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", "CVE-2011-3222", "CVE-2011-3223", 
"CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27218", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27218", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:10:38", "description": "Multiple memory corruption issues in the parsing of different multimedia formats, cross-site scripting.", "edition": 2, "cvss3": {}, "published": "2012-08-20T00:00:00", "type": "securityvulns", "title": "Apple QuickTime multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2012-08-20T00:00:00", "id": "SECURITYVULNS:VULN:12002", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12002", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:45", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-136\r\nAugust 17, 2012\r\n\r\n- -- CVE ID:\r\nCVE-2011-3220\r\n\r\n- -- 
CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n- -- Affected Vendors:\r\nApple\r\n\r\n- -- Affected Products:\r\nApple QuickTime\r\n\r\n- -- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple's QuickTime player. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page.\r\n\r\nThe specific flaw exists within how the application handles a malformed\r\natom type when playing a movie encoded with uncompressed audio. When\r\ndecoding the audio sample the application will use a 16-bit length for\r\nallocating a buffer, and a different one for initializing it. This can\r\ncause memory corruption which can lead to code execution under the context\r\nof the application.\r\n\r\n- -- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More details can\r\nbe found at:\r\nhttp://support.apple.com/kb/HT1222\r\n\r\n- -- Disclosure Timeline:\r\n2011-11-29 - Vulnerability reported to vendor\r\n2012-08-17 - Coordinated public release of advisory\r\n\r\n- -- Credit:\r\nThis vulnerability was discovered by:\r\n* Luigi Auriemma\r\n\r\n- -- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. 
Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2012-08-20T00:00:00", "title": "ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3220"], "modified": "2012-08-20T00:00:00", "id": "SECURITYVULNS:DOC:28389", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:28389", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-311\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3220\r\n\r\n-- CVSS:\r\n9, AV:N/AC:L/Au:N/C:P/I:P/A:C\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11804.\r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to potentially disclose\r\nmemory addresses on vulnerable installations of Apple QuickTime Player.\r\nUser interaction is required to exploit this vulnerability in that the\r\ntarget must visit a malicious page or open a malicious file.\r\n\r\nThe specific flaw exists within how QuickTime.qts parses a data handler\r\nin a specific atom within a .mov file. The application will utilize a\r\nstring length to copy data into a heap buffer; if the string is of\r\nzero length, the application will fail to copy anything and then proceed\r\nto use the uninitialized buffer as a string.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. 
More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5002\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-05-12 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Luigi Auriemma\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "securityvulns", "title": "ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3220"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27224", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27224", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution\r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-004\r\nJanuary 5, 2012\r\n\r\n- -- CVE ID:\r\nCVE-2011-3250\r\n\r\n- -- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n- -- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n- -- Affected Products:\r\n\r\nApple Quicktime 7.3\r\n\r\n\r\n\r\n- -- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers 
have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11901.\r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n- -- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple QuickTime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe flaw exists within the JP2Deco component which is used when handling\r\nan mjp2 sample. This sample format (JPEG2000) has a required COD marker\r\nsegment (0xff52) followed by a COD length value. When extracting the\r\ncontents of this section the application subtracts from this length\r\nbefore passing it into a call to memcpy. A remote attacker can exploit\r\nthis error to execute arbitrary code under the context of the user.\r\n\r\n- -- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n\r\n- -- Disclosure Timeline:\r\n2011-07-25 - Vulnerability reported to vendor\r\n\r\n2012-01-05 - Coordinated public release of advisory\r\n\r\n\r\n\r\n- -- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Luigi Auriemma\r\n\r\n\r\n* Anonymous\r\n\r\n\r\n\r\n- -- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. 
Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2012-01-09T00:00:00", "title": "ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2011-3250"], "modified": "2012-01-09T00:00:00", "id": "SECURITYVULNS:DOC:27515", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27515", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-303\r\nOctober 26, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3219\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime handles H.264 streams.\r\nWhen parsing the Sequence Parameter Set data for a H.264 stream it reads\r\nthe frame cropping offset fields. When those fields contain incorrect\r\ndata Quicktime will eventually write outside the buffer allocated for\r\nthe movie stream. This can result in remote code execution under the\r\ncontext of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. 
More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT4981\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-07-20 - Vulnerability reported to vendor\r\n2011-10-26 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Damian Put\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "title": "ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3219"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27220", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-315\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3249\r\n\r\n-- CVSS:\r\n9, AV:N/AC:L/Au:N/C:P/I:P/A:C\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of 
Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime decodes flic file.\r\nFlic files can contain FLC Delta Decompression block containing Run\r\nLength Encoded data. Quicktime fails to correctly checking the\r\ndecompression size when decoding the RLE data. This allowes for a 4 byte\r\noverwrite past the end of the buffer which could result into remote code\r\nexecution under the context of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-06-03 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Matt "j00ru" Jurczyk\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "title": "ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3249"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27228", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27228", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch\r\nRemote Code Execution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-312\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3221\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable 
installations of Apple QuickTime Player. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within how the application parses the atom\r\nhierarchy within a QuickTime movie file. In a certain situation the\r\napplication will pass execution to another function for handling the\r\natom, however, will pass the incorrect number of arguments. Due to this,\r\na variable will be treated as a pointer. This can lead to code execution\r\nunder the context of the application.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5002\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-06-03 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Anonymous\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "securityvulns", "title": "ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3221"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27226", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27226", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-340\r\nDecember 7, 2011\r\n\r\n- -- CVE ID:\r\nCVE-2011-3248\r\n\r\n- -- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n- -- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n- -- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n- -- TippingPoint(TM) IPS Customer 
Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11876.\r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n- -- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within how the application parses font names\r\nembedded within an atom. When parsing the font name, the application\r\nwill treat a length from the file as a signed value when copying font\r\ndata into a buffer. Due to an unsigned promotion, this can be used to\r\nwrite outside the bounds of a buffer which can lead to code execution\r\nunder the context of the application.\r\n\r\n- -- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n- -- Disclosure Timeline:\r\n2011-07-20 - Vulnerability reported to vendor\r\n2011-12-07 - Coordinated public release of advisory\r\n\r\n- -- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Luigi Auriemma\r\n\r\n\r\n\r\n- -- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. 
Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2011-12-11T00:00:00", "title": "ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3248"], "modified": "2011-12-11T00:00:00", "id": "SECURITYVULNS:DOC:27424", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27424", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution\r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-005\r\nJanuary 5, 2012\r\n\r\n- -- CVE ID:\r\nCVE-2011-3248\r\n\r\n- -- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n- -- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n- -- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n- -- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple QuickTime Player. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within how the application decodes video\r\nsamples encoded with the RLE codec. When decompressing the sample, the\r\napplication will fail to accommodate for the canvas the sample is\r\nrendered into. This can cause a buffer overflow and thus can be taken\r\nadvantage of in order to gain code execution under the context of the\r\napplication.\r\n\r\n- -- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. 
More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n\r\n- -- Disclosure Timeline:\r\n2011-10-21 - Vulnerability reported to vendor\r\n\r\n2012-01-05 - Coordinated public release of advisory\r\n\r\n\r\n\r\n- -- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Luigi Auriemma\r\n\r\n\r\n\r\n- -- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2012-01-09T00:00:00", "title": "ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3248"], "modified": "2012-01-09T00:00:00", "id": "SECURITYVULNS:DOC:27514", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27514", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", 
"description": "ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-316\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3251\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime processes the matrix\r\nstructures in the 'tkhd' atom for mp4 files. When the matrix structure\r\ncontains large values a movs instruction can turn the value negative.\r\nWhen Quicktime later uses the function to determine where it should\r\nwrite its data it does check the upper boundaries, but not the lower\r\nones causing a heap buffer underwrite. This can result in remote code\r\nexecution under the context of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. 
More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-07-20 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Damian Put\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "title": "ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3251"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27229", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27229", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-314\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3247\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations 
of Apple's QuickTime Player. User interaction\r\nis required to exploit this vulnerability in that the target must visit\r\na malicious page or open a malicious file.\r\n\r\nThe specific flaw exists within how the application parses a specific\r\nopcode within a PCT file. When resizing a heap buffer, the application\r\nwill use a signed word read from the file to calculate the resulting\r\nsize. This can be used to force the target buffer to be of an undersized\r\nlength. Usage of this buffer will result in a buffer overflow in the\r\ncontext of the application.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5016\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-04-11 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Luigi Auriemma\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "title": "ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3247"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27227", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27227", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code\r\nExecution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-295\r\nOctober 18, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3222\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable 
installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime handles flashpix\r\nfiles. When a flashpix contains a tile that has a Compression Type 0x2\r\n(JPEG) and an 'JPEG tables selector' value that is bigger then the\r\nglobal stream property 'Maximum JPEG table index', Quicktime will write\r\noutside the global JPEG table. This corruption could lead to remote code\r\nexecution under the context of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5002\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-07-20 - Vulnerability reported to vendor\r\n2011-10-18 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Damian Put\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-24T00:00:00", "title": "ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3222"], "modified": "2011-10-24T00:00:00", "id": "SECURITYVULNS:DOC:27182", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27182", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote\r\nCode Execution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-313\r\nOctober 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-3223\r\n\r\n-- CVSS:\r\n9, AV:N/AC:L/Au:N/C:P/I:P/A:C\r\n\r\n-- Affected Vendors:\r\n\r\nApple\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nApple Quicktime\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable 
installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the way Quicktime decodes flic file.\r\nFlic files can contain FLC Delta Decompression block containing Run\r\nLength Encoded data. When Quicktime tries to decompress this data it\r\nreads a user supplied RLE Packet count field from the file and uses that\r\nas loop counter. A high value for this field will cause Quicktime to\r\nwrite outside previously allocated memory which could result into remote\r\ncode execution.\r\n\r\n-- Vendor Response:\r\n\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://support.apple.com/kb/HT5002\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-06-03 - Vulnerability reported to vendor\r\n2011-10-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* Matt "j00ru" Jurczyk\r\n\r\n\r\n* Anonymous\r\n\r\n\r\n* pa_kt / twitter.com/pa_kt / e1c14ba6\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-31T00:00:00", "title": "ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3223"], "modified": "2011-10-31T00:00:00", "id": "SECURITYVULNS:DOC:27225", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27225", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\r\naddresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion 
Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.20 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\r\ninformation is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-0419\r\nCVE-2011-3192\r\n\r\nApplication Firewall\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Executing a binary with a maliciously crafted name may lead\r\nto arbitrary code execution with elevated privileges\r\nDescription: A format string vulnerability existed in Application\r\nFirewall's debug logging.\r\nCVE-ID\r\nCVE-2011-0185 : an anonymous reporter\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A signedness issue existed in ATS' handling of Type 1\r\nfonts. This issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3437\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: An out of bounds memory access issue existed in ATS'\r\nhandling of Type 1 fonts. 
This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0229 : Will Dormann of the CERT/CC\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Applications which use the ATSFontDeactivate API may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A buffer overflow issue existed in the\r\nATSFontDeactivate API.\r\nCVE-ID\r\nCVE-2011-0230 : Steven Michaud of Mozilla\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in BIND 9.7.3\r\nDescription: Multiple denial of service issues existed in BIND\r\n9.7.3. These issues are addressed by updating BIND to version\r\n9.7.3-P3.\r\nCVE-ID\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nBIND\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in BIND\r\nDescription: Multiple denial of service issues existed in BIND.\r\nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3.\r\nCVE-ID\r\nCVE-2009-4022\r\nCVE-2010-0097\r\nCVE-2010-3613\r\nCVE-2010-3614\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.\r\nImpact: Root certificates have been updated\r\nDescription: Several trusted certificates were added to the list of\r\nsystem roots. Several existing certificates were updated to their\r\nmost recent version. The complete list of recognized system roots may\r\nbe viewed via the Keychain Access application.\r\n\r\nCFNetwork\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Safari may store cookies it is not configured to accept\r\nDescription: A synchronization issue existed in CFNetwork's handling\r\nof cookie policies. 
Safari's cookie preferences may not be honored,\r\nallowing websites to set cookies that would be blocked were the\r\npreference enforced. This update addresses the issue through improved\r\nhandling of cookie storage.\r\nCVE-ID\r\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\r\nC. Walker, and Stephen Creswell\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain. This issue does not affect systems prior to OS X\r\nLion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization. This issue does not affect OS X Lion\r\nsystems. This update addresses the issue through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreMedia\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. 
This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of QuickTime movie files. These issues do not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0224 : Apple\r\n\r\nCoreProcesses\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access to a system may partially\r\nbypass the screen lock\r\nDescription: A system window, such as a VPN password prompt, that\r\nappeared while the screen was locked may have accepted keystrokes\r\nwhile the screen was locked. This issue is addressed by preventing\r\nsystem windows from requesting keystrokes while the screen is locked.\r\nThis issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\r\nKobb, and Adam Kemp\r\n\r\nCoreStorage\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Converting to FileVault does not erase all existing data\r\nDescription: After enabling FileVault, approximately 250MB at the\r\nstart of the volume was left unencrypted on the disk in an unused\r\narea. Only data which was present on the volume before FileVault was\r\nenabled was left unencrypted. This issue is addressed by erasing this\r\narea when enabling FileVault, and on the first use of an encrypted\r\nvolume affected by this issue. 
This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3212 : Judson Powers of ATC-NY\r\n\r\nFile Systems\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: An attacker in a privileged network position may manipulate\r\nHTTPS server certificates, leading to the disclosure of sensitive\r\ninformation\r\nDescription: An issue existed in the handling of WebDAV volumes on\r\nHTTPS servers. If the server presented a certificate chain that could\r\nnot be automatically verified, a warning was displayed and the\r\nconnection was closed. If the user clicked the "Continue" button in\r\nthe warning dialog, any certificate was accepted on the following\r\nconnection to that server. An attacker in a privileged network\r\nposition may have manipulated the connection to obtain sensitive\r\ninformation or take action on the server on the user's behalf. This\r\nupdate addresses the issue by validating that the certificate\r\nreceived on the second connection is the same certificate originally\r\npresented to the user.\r\nCVE-ID\r\nCVE-2011-3213 : Apple\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: A person with physical access may be able to bypass the\r\nscreen lock\r\nDescription: An issue existed with the screen lock when used with\r\nApple Cinema Displays. When a password is required to wake from\r\nsleep, a person with physical access may be able to access the system\r\nwithout entering a password if the system is in display sleep mode.\r\nThis update addresses the issue by ensuring that the lock screen is\r\ncorrectly activated in display sleep mode. 
This issue does not affect\r\nOS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3214 : Apple\r\n\r\niChat Server\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: A remote attacker may cause the Jabber server to consume\r\nsystem resources disproportionately\r\nDescription: An issue existed in the handling of XML external\r\nentities in jabberd2, a server for the Extensible Messaging and\r\nPresence Protocol (XMPP). jabberd2 expands external entities in\r\nincoming requests. This allows an attacker to consume system\r\nresources very quickly, denying service to legitimate users of the\r\nserver. This update addresses the issue by disabling entity expansion\r\nin incoming requests.\r\nCVE-ID\r\nCVE-2011-1755\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access may be able to access the\r\nuser's password\r\nDescription: A logic error in the kernel's DMA protection permitted\r\nfirewire DMA at loginwindow, boot, and shutdown, although not at\r\nscreen lock. This update addresses the issue by preventing firewire\r\nDMA at all states where the user is not logged in.\r\nCVE-ID\r\nCVE-2011-3215 : Passware, Inc.\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An unprivileged user may be able to delete another user's\r\nfiles in a shared directory\r\nDescription: A logic error existed in the kernel's handling of file\r\ndeletions in directories with the sticky bit.\r\nCVE-ID\r\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. 
Dormer,\r\nand Allan Schmid and Oliver Jeckel of brainworks Training\r\n\r\nlibsecurity\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An error handling issue existed when parsing a\r\nnonstandard certificate revocation list extension.\r\nCVE-ID\r\nCVE-2011-3227 : Richard Godbee of Virginia Tech\r\n\r\nMailman\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Mailman 2.1.14\r\nDescription: Multiple cross-site scripting issues existed in Mailman\r\n2.1.14. These issues are addressed by improved encoding of characters\r\nin HTML output. Further information is available via the Mailman site\r\nat http://mail.python.org/pipermail/mailman-\r\nannounce/2011-February/000158.html This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0707\r\n\r\nMediaKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Opening a maliciously crafted disk image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of disk images. These issues do not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3217 : Apple\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Any user may read another local user's password data\r\nDescription: An access control issue existed in Open Directory. 
This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\r\nPatrick Dunstan at defenseindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An authenticated user may change that account's password\r\nwithout providing the current password\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A user may be able to log in without a password\r\nDescription: When Open Directory is bound to an LDAPv3 server using\r\nRFC2307 or custom mappings, such that there is no\r\nAuthenticationAuthority attribute for a user, an LDAP user may be\r\nallowed to log in without a password. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\r\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\r\nFrederic Metoz of Institut de Biologie Structurale\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in FreeType's handling of\r\nType 1 fonts. This issue is addressed by updating FreeType to version\r\n2.4.6. This issue does not affect systems prior to OS X Lion. 
Further\r\ninformation is available via the FreeType site at\r\nhttp://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-0226\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng 1.4.3\r\nDescription: libpng is updated to version 1.5.4 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in PHP 5.3.4\r\nDescription: PHP is updated to version 5.3.6 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. This issues do not affect OS X Lion systems. Further\r\ninformation is available via the PHP website at http://www.php.net/\r\nCVE-ID\r\nCVE-2010-3436\r\nCVE-2010-4645\r\nCVE-2011-0420\r\nCVE-2011-0421\r\nCVE-2011-0708\r\nCVE-2011-1092\r\nCVE-2011-1153\r\nCVE-2011-1466\r\nCVE-2011-1467\r\nCVE-2011-1468\r\nCVE-2011-1469\r\nCVE-2011-1470\r\nCVE-2011-1471\r\n\r\npostfix\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nmail sessions, resulting in the disclosure of sensitive information\r\nDescription: A logic issue existed in Postfix in the handling of the\r\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\r\nprocess other plain-text commands. An attacker in a privileged\r\nnetwork position may manipulate the mail session to obtain sensitive\r\ninformation from the encrypted traffic. This update addresses the\r\nissue by clearing the command queue after processing a STARTTLS\r\ncommand. This issue does not affect OS X Lion systems. 
Further\r\ninformation is available via the Postfix site at\r\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\r\nCVE-ID\r\nCVE-2011-0411\r\n\r\npython\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in python\r\nDescription: Multiple vulnerabilities existed in python, the most\r\nserious of which may lead to arbitrary code execution. This update\r\naddresses the issues by applying patches from the python project.\r\nFurther information is available via the python site at\r\nhttp://www.python.org/download/releases/\r\nCVE-ID\r\nCVE-2010-1634\r\nCVE-2010-2089\r\nCVE-2011-1521\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime's handling of movie files.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSC\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSS\r\natoms in QuickTime movie files. 
This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSZ\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STTS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer's "Save for Web" export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is resolved by removing the reference to an\r\nonline script. 
This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nH.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime's handling of URL data handlers within movie files.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime's handling\r\nof the atom hierarchy within a movie file.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFlashPix files.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint's Zero 
Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFLIC files.\r\nCVE-ID\r\nCVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSMB File Server\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A guest user may browse shared folders\r\nDescription: An access control issue existed in the SMB File Server.\r\nDisallowing guest access to the share point record for a folder\r\nprevented the '_unknown' user from browsing the share point but not\r\nguests (user 'nobody'). This issue is addressed by applying the\r\naccess control to the guest user. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3225\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\r\nDescription: Tomcat is updated to version 6.0.32 to address multiple\r\nvulnerabilities, the most serious of which may lead to a cross site\r\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\r\nThis issue does not affect OS X Lion systems. Further information is\r\navailable via the Tomcat site at http://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2010-1157\r\nCVE-2010-2227\r\nCVE-2010-3718\r\nCVE-2010-4172\r\nCVE-2011-0013\r\nCVE-2011-0534\r\n\r\nUser Documentation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nApp Store help content, leading to arbitrary code execution\r\nDescription: App Store help content was updated over HTTP. This\r\nupdate addresses the issue by updating App Store help content over\r\nHTTPS. 
This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3224 : Aaron Sigel of vtty.com\r\n\r\nWeb Server\r\nAvailable for: Mac OS X Server v10.6.8\r\nImpact: Clients may be unable to access web services that require\r\ndigest authentication\r\nDescription: An issue in the handling of HTTP Digest authentication\r\nwas addressed. Users may be denied access to the server's resources,\r\nwhen the server configuration should have allowed the access. This\r\nissue does not represent a security risk, and was addressed to\r\nfacilitate the use of stronger authentication mechanisms. Systems\r\nrunning OS X Lion Server are not affected by this issue.\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng\r\nDescription: Multiple vulnerabilities existed in libpng, the most\r\nserious of which may lead to arbitrary code execution. These issues\r\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\r\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\r\navailable via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\r\nthe security content of Safari 5.1.1, please visit:\r\nhttp://support.apple.com/kb/HT5000\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. 
Only one is needed, either\r\nSecurity Update 2011-006 or OS X v10.7.2.\r\n\r\nFor OS X Lion v10.7.1\r\nThe download file is named: MacOSXUpd10.7.2.dmg\r\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\r\n\r\nFor OS X Lion v10.7\r\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\r\n\r\nFor OS X Lion Server v10.7.1\r\nThe download file is named: MacOSXServerUpd10.7.2.dmg\r\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\r\n\r\nFor OS X Lion Server v10.7\r\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2011-006Snow.dmg\r\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2011-006.dmg\r\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-16T00:00:00", "title": "APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006", "type": "securityvulns", "bulletinFamily": "software", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27155", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27155", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:07", "description": "Multiple vulnerabilities in 
different system components.", "edition": 2, "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "securityvulns", "title": "Apple OS X multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2011-10-24T00:00:00", "id": "SECURITYVULNS:VULN:11973", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:11973", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:09", "description": "Graphics, Video, Audio and documents parsing vulnerabilities. Information leakage, code execution via DNS resolver. Privilege escalation. Vulnerabilities in 3rd party packages.", "edition": 2, "cvss3": {}, "published": "2012-02-03T00:00:00", "type": "securityvulns", "title": "Apple OS X multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "modified": "2012-02-03T00:00:00", "id": "SECURITYVULNS:VULN:12164", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:12164", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\r\naddresses the following:\r\n\r\nAddress Book\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker in a privileged network position may intercept\r\nCardDAV data\r\nDescription: Address Book supports Secure Sockets Layer (SSL) for\r\naccessing CardDAV. A downgrade issue caused Address Book to attempt\r\nan unencrypted connection if an encrypted connection failed. An\r\nattacker in a privileged network position could abuse this behavior\r\nto intercept CardDAV data. This issue is addressed by not downgrading\r\nto an unencrypted connection without user approval.\r\nCVE-ID\r\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.21 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. 
Further information is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-3348\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nApache disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by providing a configuration\r\nparameter to control the countermeasure and enabling it by default.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nthe request to an incorrect origin server. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nunexpected request headers. 
This issue does not affect systems prior\r\nto OS X Lion.\r\nCVE-ID\r\nCVE-2011-3447 : Erling Ellingsen of Facebook\r\n\r\nColorSync\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of AAC\r\nencoded audio streams. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in CoreMedia's handling\r\nof H.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3448 : Scott Stender of iSEC Partners\r\n\r\nCoreText\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: A use after free issue existed in the handling of font\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3449 : Will Dormann of the 
CERT/CC\r\n\r\nCoreUI\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a malicious website may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: An unbounded stack allocation issue existed in the\r\nhandling of long URLs. This issue does not affect systems prior to OS\r\nX Lion.\r\nCVE-ID\r\nCVE-2011-3450 : Ben Syverson\r\n\r\ncurl\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote server may be able to impersonate clients via\r\nGSSAPI requests\r\nDescription: When doing GSSAPI authentication, libcurl\r\nunconditionally performs credential delegation. This issue is\r\naddressed by disabling GSSAPI credential delegation.\r\nCVE-ID\r\nCVE-2011-2192\r\n\r\nData Security\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Two certificate authorities in the list of trusted root\r\ncertificates have independently issued intermediate certificates to\r\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\r\nweak keys that it is unable to revoke. An attacker with a privileged\r\nnetwork position could intercept user credentials or other sensitive\r\ninformation intended for a site with a certificate issued by DigiCert\r\nMalaysia. This issue is addressed by configuring default system trust\r\nsettings so that DigiCert Malaysia's certificates are not trusted. We\r\nwould like to acknowledge Bruce Morton of Entrust, Inc. 
for reporting\r\nthis issue.\r\n\r\ndovecot\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nDovecot disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by enabling the\r\ncountermeasure.\r\nCVE-ID\r\nCVE-2011-3389 : Apple\r\n\r\nfilecmds\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Decompressing a maliciously crafted compressed file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the 'uncompress' command\r\nline tool.\r\nCVE-ID\r\nCVE-2011-2895\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of\r\nThunderScan encoded TIFF images. 
This issue is addressed by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nInternet Sharing\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A Wi-Fi network created by Internet Sharing may lose\r\nsecurity settings after a system update\r\nDescription: After updating to a version of OS X Lion prior to\r\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\r\nto factory defaults, which disables the WEP password. This issue only\r\naffects systems with Internet Sharing enabled and sharing the\r\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\r\nconfiguration during a system update.\r\nCVE-ID\r\nCVE-2011-3452 : an anonymous researcher\r\n\r\nLibinfo\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in Libinfo's handling of hostname\r\nlookup requests. Libinfo could return incorrect results for a\r\nmaliciously crafted hostname. 
This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3441 : Erling Ellingsen of Facebook\r\n\r\nlibresolv\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's libresolv library may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer overflow existed in the parsing of DNS\r\nresource records, which may lead to heap memory corruption.\r\nCVE-ID\r\nCVE-2011-3453 : Ilja van Sprundel of IOActive\r\n\r\nlibsecurity\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Some EV certificates may be trusted even if the\r\ncorresponding root has been marked as untrusted\r\nDescription: The certificate code trusted a root certificate to sign\r\nEV certificates if it was on the list of known EV issuers, even if\r\nthe user had marked it as 'Never Trust' in Keychain. 
The root would\r\nnot be trusted to sign non-EV certificates.\r\nCVE-ID\r\nCVE-2011-3422 : Alastair Houghton\r\n\r\nOpenGL\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's OpenGL implementation may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of GLSL compilation.\r\nCVE-ID\r\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\r\nMarc Schoenefeld of the Red Hat Security Response Team\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in PHP 5.3.6\r\nDescription: PHP is updated to version 5.3.8 to address several\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the PHP web site at\r\nhttp://www.php.net\r\nCVE-ID\r\nCVE-2011-1148\r\nCVE-2011-1657\r\nCVE-2011-1938\r\nCVE-2011-2202\r\nCVE-2011-2483\r\nCVE-2011-3182\r\nCVE-2011-3189\r\nCVE-2011-3267\r\nCVE-2011-3268\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. 
Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\r\nan unexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of MP4 encoded files.\r\nCVE-ID\r\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\r\nTippingPoint's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of font\r\ntables embedded in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An off by one buffer overflow existed in the handling\r\nof rdrf atoms in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3459 : Luigi 
Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Processing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PNG files.\r\nCVE-ID\r\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of FLC\r\nencoded movie files\r\nCVE-ID\r\nCVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSquirrelMail\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in SquirrelMail\r\nDescription: SquirrelMail is updated to version 1.4.22 to address\r\nseveral vulnerabilities, the most serious of which is a cross-site\r\nscripting issue. 
This issue does not affect OS X Lion systems.\r\nFurther information is available via the SquirrelMail web site at\r\nhttp://www.SquirrelMail.org/\r\nCVE-ID\r\nCVE-2010-1637\r\nCVE-2010-2813\r\nCVE-2010-4554\r\nCVE-2010-4555\r\nCVE-2011-2023\r\n\r\nSubversion\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Accessing a Subversion repository may lead to the disclosure\r\nof sensitive information\r\nDescription: Subversion is updated to version 1.6.17 to address\r\nmultiple vulnerabilities, the most serious of which may lead to the\r\ndisclosure of sensitive information. Further information is available\r\nvia the Subversion web site at http://subversion.tigris.org/\r\nCVE-ID\r\nCVE-2011-1752\r\nCVE-2011-1783\r\nCVE-2011-1921\r\n\r\nTime Machine\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote attacker may access new backups created by the\r\nuser's system\r\nDescription: The user may designate a remote AFP volume or Time\r\nCapsule to be used for Time Machine backups. Time Machine did not\r\nverify that the same device was being used for subsequent backup\r\noperations. An attacker who is able to spoof the remote volume could\r\ngain access to new backups created by the user's system. This issue\r\nis addressed by verifying the unique identifier associated with a\r\ndisk for backup operations.\r\nCVE-ID\r\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\r\nDresden\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\r\nDescription: Tomcat is updated to version 6.0.33 to address multiple\r\nvulnerabilities, the most serious of which may lead to the disclosure\r\nof sensitive information. Tomcat is only provided on Mac OS X Server\r\nsystems. This issue does not affect OS X Lion systems. 
Further\r\ninformation is available via the Tomcat site at\r\nhttp://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2011-2204\r\n\r\nWebDAV Sharing\r\nAvailable for: OS X Lion Server v10.7 to v10.7.2\r\nImpact: Local users may obtain system privileges\r\nDescription: An issue existed in WebDAV Sharing's handling of user\r\nauthentication. A user with a valid account on the server or one of\r\nits bound directories could cause the execution of arbitrary code\r\nwith system privileges. This issue does not affect systems prior to\r\nOS X Lion.\r\nCVE-ID\r\nCVE-2011-3463 : Gordon Davisson of Crywolf\r\n\r\nWebmail\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted e-mail message may lead to the\r\ndisclosure of message content\r\nDescription: A cross-site scripting vulnerability existed in the\r\nhandling of mail messages. This issue is addressed by updating\r\nRoundcube Webmail to version 0.6. This issue does not affect systems\r\nprior to OS X Lion. Further information is available via the\r\nRoundcube site at http://trac.roundcube.net/\r\nCVE-ID\r\nCVE-2011-2937\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. 
Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2021-001 or OS X v10.7.3.\r\n\r\nFor OS X Lion v10.7.2\r\nThe download file is named: MacOSXUpd10.7.3.dmg\r\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\r\n\r\nFor OS X Lion v10.7 and v10.7.1\r\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\r\n\r\nFor OS X Lion Server v10.7.2\r\nThe download file is named: MacOSXServerUpd10.7.3.dmg\r\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\r\n\r\nFor OS X Lion Server v10.7 and v10.7.1\r\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2012-001Snow.dmg\r\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2012-001.dmg\r\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n", "edition": 1, "cvss3": {}, "published": "2012-02-03T00:00:00", "title": "APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-3348", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], 
"modified": "2012-02-03T00:00:00", "id": "SECURITYVULNS:DOC:27600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27600", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:18:15", "description": "Multiple security vulnerabilities on different media formats parsing.", "edition": 2, "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "securityvulns", "title": "Apple iTunes multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", 
"CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-1294", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11974", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11974", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-11-1 iTunes 10.5\r\n\r\niTunes 10.5 is now available and addresses the following:\r\n\r\nCoreFoundation\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nstring tokenization. This issue does not affect OS X Lion systems.\r\nFor Mac OS X v10.6 systems, this issue is addressed in Security\r\nUpdate 2011-006.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nColorSync\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. Opening a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution. 
This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of audio\r\nstream encoded with the advanced audio code. This issue does not\r\naffect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of H.264\r\nencoded movie files. For OS X Lion systems, this issue is addressed\r\nin OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is\r\naddressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. This issue does not affect OS X Lion systems. For Mac OS\r\nX v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A reentrancy issue existed in ImageIO's handling of\r\nTIFF images. 
This issue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution.\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\r\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\r\nLtd\r\nCVE-2011-0164 : Apple\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\r\niDefense VCP\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with iDefense VCP\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0253 : Richard Keen\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 
: Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com\r\nCVE-2011-1449 : Marek Majkowski\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2811 : Apple\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2815 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using 
AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development\r\ncommunity, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome\r\nSecurity Team\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3238 : Martin Barbella\r\nCVE-2011-3239 : Slawomir Blazek\r\nCVE-2011-3241 : Apple\r\nCVE-2011-3244 : vkouchna\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to arbitrary code\r\nexecution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. 
A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to arbitrary files being created with the\r\nprivileges of the user, which may lead to arbitrary code execution.\r\nThis issue is addressed through improved libxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\n\r\niTunes 10.5 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nFor Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunesSetup.exe"\r\nIts SHA-1 digest is: 1205cda4ce9a32db2fe02cf9f2cf2c0bf7d47bdb\r\n\r\nFor 64-bit Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunes64Setup.exe"\r\nIts SHA-1 digest is: ab400ad27a537613b3b5306ea026763a93d57fdf\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-16T00:00:00", "title": "APPLE-SA-2011-10-11-1 iTunes 10.5", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27156", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27156", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-09-04T14:19:36", "description": "The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.", "cvss3": {}, "published": 
"2011-11-03T00:00:00", "type": "openvas", "title": "Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3428", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:802198", "href": "http://plugins.openvas.org/nasl.php?oid=802198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_quicktime_mult_dos_vuln_win_nov11.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service via crafted files.\n Impact Level: System/Application\";\ntag_affected = \"QuickTime Player version prior to 7.7.1\";\ntag_insight = \"The flaws are due to\n - A integer overflow while handling the PICT files and JPEG2000 encoded\n movie files.\n - A signedness issue existed in the handling of font tables embedded in\n QuickTime movie files.\n - A buffer overflow issue while handling FLIC files, FlashPix files and FLC\n and RLE encoded movie files.\n - A memory corruption issue, while handling of TKHD atoms in QuickTime\n movie files.\";\ntag_solution = \"Upgrade to QuickTime Player version 7.7.1 or later,\n For updates refer to http://www.apple.com/quicktime/download/\";\ntag_summary = \"The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(802198);\n script_version(\"$Revision: 7015 $\");\n script_cve_id(\"CVE-2011-3219\", \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3218\",\n \"CVE-2011-3222\", \"CVE-2011-3223\", \"CVE-2011-3228\", \"CVE-2011-3247\",\n \"CVE-2011-3248\", \"CVE-2011-3249\", \"CVE-2011-3250\", \"CVE-2011-3251\",\n \"CVE-2011-3428\");\n script_bugtraq_id(50068, 50130, 50131, 50122, 50100, 50101, 50127, 50399, 50400,\n 50404, 50401, 50403);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_name(\"Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5016\");\n script_xref(name : \"URL\" , value : \"http://www.zerodayinitiative.com/advisories/ZDI-11-314/\");\n script_xref(name : \"URL\" , value : \"http://www.zerodayinitiative.com/advisories/ZDI-11-315/\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_require_keys(\"QuickTime/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nquickVer = get_kb_item(\"QuickTime/Win/Ver\");\nif(!quickVer){\n exit(0);\n}\n\n## Check for QuickTime Playe Version less than 7.7.1\nif(version_is_less(version:quickVer, test_version:\"7.7.1\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-03T21:01:07", "description": "The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3221", "CVE-2011-3249", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3248", "CVE-2011-3220", "CVE-2011-3228", "CVE-2011-3247", 
"CVE-2011-3251", "CVE-2011-3219", "CVE-2011-3428", "CVE-2011-3250", "CVE-2011-3218"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310802198", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:quicktime\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802198\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2011-3219\", \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3218\",\n \"CVE-2011-3222\", \"CVE-2011-3223\", \"CVE-2011-3228\", \"CVE-2011-3247\",\n \"CVE-2011-3248\", \"CVE-2011-3249\", \"CVE-2011-3250\", \"CVE-2011-3251\",\n \"CVE-2011-3428\");\n script_bugtraq_id(50068, 50130, 50131, 50122, 50100, 50101, 50127, 50399, 50400,\n 50404, 50401, 50403);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_name(\"Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5016\");\n script_xref(name:\"URL\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-314/\");\n script_xref(name:\"URL\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-315/\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_mandatory_keys(\"QuickTime/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code or\n cause a denial of service via crafted files.\");\n\n script_tag(name:\"affected\", value:\"QuickTime Player version prior to 7.7.1.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - A integer overflow while handling the PICT files and JPEG2000 encoded\n movie files.\n\n - A signedness issue existed in the handling of font tables embedded in\n QuickTime movie files.\n\n - A buffer overflow issue while handling FLIC files, FlashPix files and FLC\n and RLE encoded movie files.\n\n - A memory corruption issue, while handling of TKHD atoms in QuickTime\n movie files.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to QuickTime Player version 7.7.1 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apple QuickTime and is prone to multiple\n denial of service vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = 
get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"7.7.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"7.7.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-27T19:22:38", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": 
"2020-04-23T00:00:00", "id": "OPENVAS:1361412562310802336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802336\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", 
\"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5000\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5002\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright 
(C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.6\\.8\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2011-006\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"Equal to 10.6.8\");\n security_message(port:0, data:report);\n exit(0);\n }\n }\n}\n", "cvss": 
{"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:54", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:802336", "href": "http://plugins.openvas.org/nasl.php?oid=802336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su11-006.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# 
Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\n Impact Level: System/Application\";\ntag_affected = \"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2011-006\n For updates refer to http://support.apple.com/kb/HT1222\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\";\n\nif(description)\n{\n script_id(802336);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", 
value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", \"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 
41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1222\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5000\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5002\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2011.006\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-26T15:08:42", "description": "This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.", "cvss3": {}, "published": "2012-02-06T00:00:00", "type": "openvas", "title": "Mac OS X Multiple Vulnerabilities (2012-001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", "CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-3348", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310802392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X Multiple Vulnerabilities (2012-001)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802392\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2011-3444\", \"CVE-2011-3348\", \"CVE-2011-3389\", \"CVE-2011-3246\",\n \"CVE-2011-3447\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3448\",\n \"CVE-2011-3449\", \"CVE-2011-3450\", \"CVE-2011-2192\", \"CVE-2011-2895\",\n \"CVE-2011-3452\", \"CVE-2011-3441\", \"CVE-2011-3453\", \"CVE-2011-3422\",\n \"CVE-2011-3457\", \"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\",\n \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\",\n \"CVE-2011-3267\", \"CVE-2011-3268\", \"CVE-2011-3256\", \"CVE-2011-3328\",\n \"CVE-2011-3458\", \"CVE-2011-3248\", \"CVE-2011-3459\", \"CVE-2011-3250\",\n \"CVE-2011-3460\", \"CVE-2011-3249\", \"CVE-2010-1637\", \"CVE-2010-2813\",\n \"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-1752\",\n \"CVE-2011-1783\", \"CVE-2011-1921\", \"CVE-2011-3462\", \"CVE-2011-2204\",\n \"CVE-2011-3463\", \"CVE-2011-2937\", \"CVE-2011-0241\", \"CVE-2011-1167\");\n script_bugtraq_id(51810, 49616, 49778, 50115, 51813, 48416, 50065, 51817, 51812,\n 51815, 48434, 49124, 48833, 46951, 49744, 51819, 50641, 51807,\n 49429, 51808, 46843, 49252, 47950, 48259, 49241, 49249, 49376,\n 50155, 51809, 50400, 51811, 50401, 51814, 50404, 40291, 42399,\n 48648, 48091, 51818, 48456, 51816, 49229, 47820, 49303, 50092,\n 50112, 50091, 50099, 48007, 48566, 37118);\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 
2020)\");\n script_tag(name:\"creation_date\", value:\"2012-02-06 17:42:28 +0530 (Mon, 06 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-001)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5130\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/47843/\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026627\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[67]\\.\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial-of-service condition.\");\n script_tag(name:\"affected\", value:\"Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreText, CoreUI\n curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo,\n libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, X11, Webmail,\n Tomcat, WebDAV Sharing.\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mac OS X 10.7.3 or\n Run Mac Updates and update the Security Update 2012-001\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.001\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"Equal to 10.6.8\");\n security_message(port:0, data:report);\n exit(0);\n }\n }\n\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.2\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"10.7 - 10.7.2\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-19T10:50:27", "description": "This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.", "cvss3": {}, "published": "2012-02-06T00:00:00", "type": "openvas", "title": "Mac OS X Multiple Vulnerabilities (2012-001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3462", "CVE-2011-3448", "CVE-2011-1148", "CVE-2011-3444", "CVE-2011-1783", "CVE-2011-3246", "CVE-2011-3249", "CVE-2011-3189", "CVE-2011-0241", "CVE-2011-1752", "CVE-2011-1938", "CVE-2011-3449", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422", "CVE-2011-3248", "CVE-2011-2483", "CVE-2011-3457", "CVE-2010-2813", "CVE-2011-3463", "CVE-2011-3389", "CVE-2011-2204", "CVE-2011-3256", "CVE-2011-1657", "CVE-2011-1167", "CVE-2011-3252", "CVE-2011-3268", "CVE-2011-3328", "CVE-2011-2023", "CVE-2011-3182", "CVE-2010-4554", "CVE-2011-1921", "CVE-2011-3459", "CVE-2010-4555", "CVE-2011-3250", "CVE-2011-0200", "CVE-2011-3267", 
"CVE-2011-3458", "CVE-2011-3447", "CVE-2011-3460", "CVE-2011-3348", "CVE-2011-2202", "CVE-2011-3452", "CVE-2011-3450", "CVE-2011-2895", "CVE-2010-1637", "CVE-2011-2937", "CVE-2011-2192"], "modified": "2017-07-04T00:00:00", "id": "OPENVAS:802392", "href": "http://plugins.openvas.org/nasl.php?oid=802392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su12-001.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Mac OS X Multiple Vulnerabilities (2012-001)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreText, CoreUI\n curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo,\n libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, X11, Webmail,\n Tomcat, WebDAV Sharing.\";\ntag_insight = \"For more information on the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Mac OS X 10.7.3 or\n Run Mac Updates and update the Security Update 2012-001\n For updates refer to http://support.apple.com/kb/HT1222\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X Update/Mac OS X Security Update 2012-001.\";\n\nif(description)\n{\n script_id(802392);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3444\", \"CVE-2011-3348\", \"CVE-2011-3389\", \"CVE-2011-3246\",\n \"CVE-2011-3447\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3448\",\n \"CVE-2011-3449\", \"CVE-2011-3450\", \"CVE-2011-2192\", \"CVE-2011-2895\",\n \"CVE-2011-3452\", \"CVE-2011-3441\", \"CVE-2011-3453\", \"CVE-2011-3422\",\n \"CVE-2011-3457\", \"CVE-2011-1148\", \"CVE-2011-1657\", \"CVE-2011-1938\",\n \"CVE-2011-2202\", \"CVE-2011-2483\", \"CVE-2011-3182\", \"CVE-2011-3189\",\n \"CVE-2011-3267\", \"CVE-2011-3268\", \"CVE-2011-3256\", \"CVE-2011-3328\",\n \"CVE-2011-3458\", \"CVE-2011-3248\", \"CVE-2011-3459\", \"CVE-2011-3250\",\n 
\"CVE-2011-3460\", \"CVE-2011-3249\", \"CVE-2010-1637\", \"CVE-2010-2813\",\n \"CVE-2010-4554\", \"CVE-2010-4555\", \"CVE-2011-2023\", \"CVE-2011-1752\",\n \"CVE-2011-1783\", \"CVE-2011-1921\", \"CVE-2011-3462\", \"CVE-2011-2204\",\n \"CVE-2011-3463\", \"CVE-2011-2937\", \"CVE-2011-0241\", \"CVE-2011-1167\");\n script_bugtraq_id(51810, 49616, 49778, 50115, 51813, 48416, 50065, 51817, 51812,\n 51815, 48434, 49124, 48833, 46951, 49744, 51819, 50641, 51807,\n 49429, 51808, 46843, 49252, 47950, 48259, 49241, 49249, 49376,\n 50155, 51809, 50400, 51811, 50401, 51814, 50404, 40291, 42399,\n 48648, 48091, 51818, 48456, 51816, 49229, 47820, 49303, 50092,\n 50112, 50091, 50099, 48007, 48566, 37118);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-06 17:42:28 +0530 (Mon, 06 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-001)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5130\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/47843/\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026627\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : 
\"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Variables Initialization\nosName = \"\";\nosVer = NULL;\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2012.001\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.001\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Check if OS is 10.7 through 10.7.2\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.2\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-10T20:02:52", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240", "CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254",
"CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310802193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802193\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\", \"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", 
\"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4981\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. 
Failed attacks may cause denial of service conditions.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows.\");\n\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer to the links given below.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes version 10.5 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-20T13:27:54", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2827", "CVE-2011-1293", "CVE-2011-0221", "CVE-2011-2790", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0259", "CVE-2011-2352", "CVE-2011-2792", "CVE-2010-1823", "CVE-2011-0215", "CVE-2011-2339", "CVE-2011-3234", "CVE-2011-1462", "CVE-2011-1451", "CVE-2011-0238", "CVE-2011-3233", "CVE-2011-0204", "CVE-2011-0223", "CVE-2011-1440", "CVE-2011-2359", "CVE-2011-1109", "CVE-2011-1457", "CVE-2011-2351", "CVE-2011-2818", "CVE-2011-3241", "CVE-2011-0240",
"CVE-2011-1204", "CVE-2011-2820", "CVE-2011-0218", "CVE-2011-0164", "CVE-2011-0254", "CVE-2011-2797", "CVE-2011-0255", "CVE-2011-1296", "CVE-2011-0981", "CVE-2011-2811", "CVE-2011-2788", "CVE-2011-3239", "CVE-2011-1115", "CVE-2011-3252", "CVE-2011-3244", "CVE-2011-1114", "CVE-2011-3236", "CVE-2011-2338", "CVE-2011-3238", "CVE-2011-1203", "CVE-2011-2356", "CVE-2011-0983", "CVE-2011-0222", "CVE-2011-2354", "CVE-2011-2799", "CVE-2011-2817", "CVE-2011-2831", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-3232", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-2815", "CVE-2011-3237", "CVE-2011-3219", "CVE-2011-0253", "CVE-2011-1117", "CVE-2011-0200", "CVE-2011-0232", "CVE-2011-2814", "CVE-2011-1449", "CVE-2011-1121", "CVE-2011-2813", "CVE-2011-2816", "CVE-2011-1774", "CVE-2011-2823", "CVE-2011-3235", "CVE-2011-1188", "CVE-2011-0235", "CVE-2011-2809", "CVE-2011-2341"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:802193", "href": "http://plugins.openvas.org/nasl.php?oid=802193", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_oct11_win.nasl 8169 2017-12-19 08:42:31Z cfischer $\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. Failed attacks may\n cause denial of service conditions.\n Impact Level: System/Application\";\ntag_affected = \"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows\";\ntag_insight = \"For more details about the vulnerabilities refer to the links given below.\";\ntag_solution = \"Upgrade to Apple iTunes version 10.5 or later,\n For updates refer to http://www.apple.com/itunes/download/\";\ntag_summary = \"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802193);\n script_version(\"$Revision: 8169 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 09:42:31 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\",
\"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4981\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2022-01-31T20:52:21", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. 
This can cause memory corruption which can lead to code execution under the context of the application.", "cvss3": {}, "published": "2012-08-17T00:00:00", "type": "zdi", "title": "Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3220"], "modified": "2012-08-17T00:00:00", "id": "ZDI-12-136", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-136/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T20:57:19", "description": "This vulnerability allows remote attackers to potentially disclose memory addresses on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how QuickTime.qts parses a data handler in specific atom within a .mov file. 
The application will utilize a string length to copy data into a heap buffer; if the string is of zero length, the application will fail to copy anything and then proceed to use the uninitialized buffer as a string.", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "zdi", "title": "Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3220"], "modified": "2011-10-27T00:00:00", "id": "ZDI-11-311", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-311/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T20:53:39", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. 
A remote attacker can exploit this error to execute arbitrary code under the context of the user.", "cvss3": {}, "published": "2012-01-05T00:00:00", "type": "zdi", "title": "Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3250"], "modified": "2012-01-05T00:00:00", "id": "ZDI-12-004", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-004/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:57:24", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. When those fields contain incorrect data Quicktime will eventually write outside the buffer allocated for the movie stream. 
This can result in remote code execution under the context of the current user.", "cvss3": {}, "published": "2011-10-26T00:00:00", "type": "zdi", "title": "Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3219"], "modified": "2011-10-26T00:00:00", "id": "ZDI-11-303", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-303/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:57:19", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly check the decompression size when decoding the RLE data. 
This allows for a 4 byte overwrite past the end of the buffer which could result in remote code execution under the context of the current user.", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "zdi", "title": "Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3249"], "modified": "2011-10-27T00:00:00", "id": "ZDI-11-315", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-315/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:57:19", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application will pass execution to another function for handling the atom, however, will pass the incorrect number of arguments. Due to this, a variable will be treated as a pointer. 
This can lead to code execution under the context of the application.", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "zdi", "title": "Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3221"], "modified": "2011-10-27T00:00:00", "id": "ZDI-11-312", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-312/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T20:57:02", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses font names embedded within an atom. When parsing the font name, the application will treat a length from the file as a signed value when copying font data into a buffer. 
Due to an unsigned promotion, this can be used to write outside the bounds of a buffer which can lead to code execution under the context of the application.", "cvss3": {}, "published": "2011-12-07T00:00:00", "type": "zdi", "title": "Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3248"], "modified": "2011-12-07T00:00:00", "id": "ZDI-11-340", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-340/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:40", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. 
This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.", "cvss3": {}, "published": "2012-01-05T00:00:00", "type": "zdi", "title": "Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3248"], "modified": "2012-01-05T00:00:00", "id": "ZDI-12-005", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-005/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:57:16", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. When Quicktime later uses the function to determine where it should write its data it does check the upper boundaries, but not the lower ones causing a heap buffer underwrite. 
This can result in remote code execution under the context of the current user.", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "zdi", "title": "Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3251"], "modified": "2011-10-27T00:00:00", "id": "ZDI-11-316", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-316/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:57:17", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specific opcode within a PCT file. When resizing a heap buffer, the application will use a signed word read from the file to calculate the resulting size. This can be used to force the target buffer to be of an undersized length. 
Usage of this buffer will result in a buffer overflow in the context of the application.", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "zdi", "title": "Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3247"], "modified": "2011-10-27T00:00:00", "id": "ZDI-11-314", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-314/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:57:27", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles flashpix files. When a flashpix contains a tile that has a Compression Type 0x2 (JPEG) and a 'JPEG tables selector' value that is bigger than the global stream property 'Maximum JPEG table index', Quicktime will write outside the global JPEG table. 
This corruption could lead to remote code execution under the context of the current user.", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "zdi", "title": "Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3222"], "modified": "2011-10-18T00:00:00", "id": "ZDI-11-295", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-295/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T20:57:18", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. When Quicktime tries to decompress this data it reads a user supplied RLE Packet count field from the file and uses that as loop counter. 
A high value for this field will cause Quicktime to write outside previously allocated memory which could result into remote code execution.", "cvss3": {}, "published": "2011-10-27T00:00:00", "type": "zdi", "title": "Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3223"], "modified": "2011-10-27T00:00:00", "id": "ZDI-11-313", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-313/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:58:30", "description": "BUGTRAQ ID: 50130\r\nCVE ID: CVE-2011-3220\r\n\r\nQuickTime\u662f\u7531\u82f9\u679c\u7535\u8111\u6240\u5f00\u53d1\u7684\u4e00\u79cd\u591a\u5a92\u4f53\u67b6\u6784\uff0c\u80fd\u591f\u5904\u7406\u8bb8\u591a\u7684\u6570\u5b57\u89c6\u9891\u3001\u5a92\u4f53\u6bb5\u843d\u3001\u97f3\u6548\u3001\u6587\u5b57\u3001\u52a8\u753b\u3001\u97f3\u4e50\u683c\u5f0f\uff0c\u4ee5\u53ca\u4ea4\u4e92\u5f0f\u5168\u666f\u5f71\u50cf\u7684\u6570\u9879\u7c7b\u578b\u3002\r\n\r\nApple QuickTime\u5728\u5904\u7406\u89c6\u9891\u6587\u4ef6\u4e2d\u7684URL\u6570\u636e\u5904\u7406\u7a0b\u5e8f\u65f6\u5b58\u5728\u672a\u521d\u59cb\u5316\u5185\u5b58\u8bbf\u95ee\u95ee\u9898\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u8bfb\u53d6\u5185\u5b58\u5185\u5bb9\u3002\n\nApple QuickTime Player 
7.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-10-28T00:00:00", "title": "Apple QuickTime\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3220"], "modified": "2011-10-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23149", "id": "SSV:23149", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:58:12", "description": "BUGTRAQ ID: 50068\r\nCVE ID: CVE-2011-3219\r\n\r\nMac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u673a\u5668\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple Mac OS X\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u6b64\u6f0f\u6d1e\u53ef\u5f71\u54cdCoreMedia\u7ec4\u4ef6\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u4ee5\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n\u5f53\u89e3\u6790H.264\u6d41\u7684Sequence Parameter Set\u6570\u636e\u65f6\uff0c\u4f1a\u8bfb\u53d6\u5e27\u526a\u88c1\u504f\u79fb\u5b57\u6bb5\uff0c\u5f53\u8fd9\u4e9b\u5b57\u6bb5\u5305\u542b\u9519\u8bef\u6570\u636e\u65f6\uff0cQuicktime\u4f1a\u6700\u7ec8\u5728\u89c6\u9891\u6d41\u6240\u5206\u914d\u7684\u7f13\u51b2\u533a\u4e4b\u5916\u5199\u5165\uff0c\u9020\u6210\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\n\nApple Mac OS X 10.x\r\nApple MacOS X Server 10.6.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, 
"published": "2011-10-27T00:00:00", "title": "Apple Mac OS X CoreMedia H.264\u7f16\u7801\u89c6\u9891\u6587\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3219"], "modified": "2011-10-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23138", "id": "SSV:23138", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:58:22", "description": "BUGTRAQ ID: 50400\r\nCVE ID: CVE-2011-3248\r\n\r\nQuickTime\u662f\u7531\u82f9\u679c\u7535\u8111\u6240\u5f00\u53d1\u7684\u4e00\u79cd\u591a\u5a92\u4f53\u67b6\u6784\uff0c\u80fd\u591f\u5904\u7406\u8bb8\u591a\u7684\u6570\u5b57\u89c6\u9891\u3001\u5a92\u4f53\u6bb5\u843d\u3001\u97f3\u6548\u3001\u6587\u5b57\u3001\u52a8\u753b\u3001\u97f3\u4e50\u683c\u5f0f\uff0c\u4ee5\u53ca\u4ea4\u4e92\u5f0f\u5168\u666f\u5f71\u50cf\u7684\u6570\u9879\u7c7b\u578b\u3002\r\n\r\nApple QuickTime 7.7.1\u4e4b\u524d\u7248\u672c\u5728\u5904\u7406\u7279\u5236\u89c6\u9891\u6587\u4ef6\u65f6\u5b58\u5728\u7b7e\u540d\u95ee\u9898\u5bfc\u81f4\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nApple QuickTime Player 7.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-10-28T00:00:00", "title": "Apple QuickTime 7.7.1\u4e4b\u524d\u7248\u672c\u89c6\u9891\u6587\u4ef6\u5904\u7406\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3248"], "modified": "2011-10-28T00:00:00", "href": 
"https://www.seebug.org/vuldb/ssvid-23144", "id": "SSV:23144", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:58:42", "description": "BUGTRAQ ID: 50403\r\nCVE ID: CVE-2011-3251\r\n\r\nQuickTime\u662f\u7531\u82f9\u679c\u7535\u8111\u6240\u5f00\u53d1\u7684\u4e00\u79cd\u591a\u5a92\u4f53\u67b6\u6784\uff0c\u80fd\u591f\u5904\u7406\u8bb8\u591a\u7684\u6570\u5b57\u89c6\u9891\u3001\u5a92\u4f53\u6bb5\u843d\u3001\u97f3\u6548\u3001\u6587\u5b57\u3001\u52a8\u753b\u3001\u97f3\u4e50\u683c\u5f0f\uff0c\u4ee5\u53ca\u4ea4\u4e92\u5f0f\u5168\u666f\u5f71\u50cf\u7684\u6570\u9879\u7c7b\u578b\u3002\r\n\r\nApple QuickTime 7.7.1\u4e4b\u524d\u7248\u672c\u5728\u5904\u7406\u7279\u5236\u89c6\u9891\u6587\u4ef6\u65f6\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5bfc\u81f4\u5e94\u7528\u610f\u5916\u7ec8\u6b62\u3002\u6b64\u6f0f\u6d1e\u4e0d\u5f71\u54cdMac OS X\u7cfb\u7edf\u3002\n\nApple QuickTime Player 7.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-10-28T00:00:00", "title": "Apple QuickTime 7.7.1\u4e4b\u524d\u7248\u672cTKHD \u5143\u7d20\u5904\u7406\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3251"], "modified": "2011-10-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23145", "id": "SSV:23145", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2017-11-19T17:58:50", "description": "Bugtraq ID: 50100\r\nCVE ID\uff1aCVE-2011-3222\r\n\r\nApple Mac OS X\u662f\u82f9\u679c\u516c\u53f8\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nQuickTime\u5904\u7406FlashPix\u6587\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6784\u5efa\u7279\u5236\u7684FLashPix\u6587\u4ef6\u53ef\u5bfc\u81f4\u672a\u660e\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec8\u6b62\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n\r\nApple Mac OS X Server 10.6.6\r\n Apple Mac OS X Server 10.6.5\r\n Apple Mac OS X Server 10.6.5\r\n Apple Mac OS X Server 10.6.4\r\n Apple Mac OS X Server 10.6.3\r\n Apple Mac OS X Server 10.6.2\r\n Apple Mac OS X Server 10.6.1\r\n Apple Mac Os X Server 10.6.8\r\n Apple Mac Os X Server 10.6.7\r\n Apple Mac OS X Server 10.6\r\n Apple Mac OS X 10.6.5\r\n Apple Mac OS X 10.6.4\r\n Apple Mac OS X 10.6.3\r\n Apple Mac OS X 10.6.2\r\n Apple Mac OS X 10.6.1\r\n Apple Mac OS X 10.6\r\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://support.apple.com/kb/HT5002", "cvss3": {}, "published": "2011-10-14T00:00:00", "title": "Apple Mac OS X FlashPix\u6587\u4ef6CVE-2011-3222\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3222"], "modified": "2011-10-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-21027", "id": "SSV:21027", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:58:38", "description": "BUGTRAQ ID: 50100\r\nCVE ID: 
CVE-2011-3222\r\n\r\nQuickTime\u662f\u7531\u82f9\u679c\u7535\u8111\u6240\u5f00\u53d1\u7684\u4e00\u79cd\u591a\u5a92\u4f53\u67b6\u6784\uff0c\u80fd\u591f\u5904\u7406\u8bb8\u591a\u7684\u6570\u5b57\u89c6\u9891\u3001\u5a92\u4f53\u6bb5\u843d\u3001\u97f3\u6548\u3001\u6587\u5b57\u3001\u52a8\u753b\u3001\u97f3\u4e50\u683c\u5f0f\uff0c\u4ee5\u53ca\u4ea4\u4e92\u5f0f\u5168\u666f\u5f71\u50cf\u7684\u6570\u9879\u7c7b\u578b\u3002\r\n\r\nApple QuickTime\u5728\u5904\u7406\u7279\u5236FlashPix\u6587\u4ef6\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u3002\n\nApple QuickTime Player 7.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-10-28T00:00:00", "title": "Apple Mac OS X FlashPix\u6587\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3222"], "modified": "2011-10-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23143", "id": "SSV:23143", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:58:52", "description": "CVE ID: 
CVE-2010-1823,CVE-2011-0164,CVE-2011-0200,CVE-2011-0204,CVE-2011-0215,CVE-2011-0218,CVE-2011-0221,CVE-2011-0222,CVE-2011-0223,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-0259,CVE-2011-0981,CVE-2011-0983,CVE-2011-1109,CVE-2011-1114,CVE-2011-1115,CVE-2011-1117,CVE-2011-1121,CVE-2011-1188,CVE-2011-1203,CVE-2011-1204,CVE-2011-1288,CVE-2011-1293,CVE-2011-1296,CVE-2011-1440,CVE-2011-1449,CVE-2011-1451,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1774,CVE-2011-1797,CVE-2011-2338,CVE-2011-2339,CVE-2011-2341,CVE-2011-2351,CVE-2011-2352,CVE-2011-2354,CVE-2011-2356,CVE-2011-2359,CVE-2011-2788,CVE-2011-2790,CVE-2011-2792,CVE-2011-2797,CVE-2011-2799,CVE-2011-2809,CVE-2011-2811,CVE-2011-2813,CVE-2011-2814,CVE-2011-2815,CVE-2011-2816,CVE-2011-2817,CVE-2011-2818,CVE-2011-2820,CVE-2011-2823,CVE-2011-2827,CVE-2011-2831,CVE-2011-3219,CVE-2011-3232,CVE-2011-3233,CVE-2011-3234,CVE-2011-3235,CVE-2011-3236,CVE-2011-3237,CVE-2011-3238,CVE-2011-3239,CVE-2011-3241,CVE-2011-3244,CVE-2011-3252\r\n\r\niTunes\u662f\u4e00\u6b3e\u5a92\u4f53\u64ad\u653e\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c2001\u5e741\u670810\u65e5\u7531\u82f9\u679c\u7535\u8111\u5728\u65e7\u91d1\u5c71\u7684Macworld Expo\u63a8\u51fa\uff0c\u7528\u6765\u64ad\u653e\u4ee5\u53ca\u7ba1\u7406\u6570\u5b57\u97f3\u4e50\u548c\u4e0e\u89c6\u9891\u6587\u4ef6\uff0c\u662f\u7ba1\u7406\u82f9\u679ciPod\u7684\u6587\u4ef6\u7684\u4e3b\u8981\u5de5\u5177\u3002\r\n\r\nApple 
iTunes contains multiple vulnerabilities in its implementation that malicious users can exploit to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and take control of a user's system.\r\n\r\n1) An error exists in the CoreFoundation component when handling string tokenization, which allows memory corruption via a man-in-the-middle attack.\r\n\r\n2) An error exists in the CoreAudio component when handling AAC streams, which can cause a buffer overflow.\r\n\r\n3) An error exists in the CoreMedia component when handling H.264 encoded files, which can cause a buffer overflow.\r\n\r\n4) An error exists in the WebKit component when using AddressSanitizer, which can cause memory corruption;\r\n\r\n5) Multiple errors in the WebKit component can be exploited to corrupt memory.\n\nApple iTunes 10.x\nVendor patch:\r\n\r\nApple\r\n-----\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2011-10-13T00:00:00", "title": "Apple iTunes Multiple Security Vulnerabilities", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2010-1823", "CVE-2011-0164", "CVE-2011-0200", "CVE-2011-0204", "CVE-2011-0215", "CVE-2011-0218", "CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225", "CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235", "CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0253", "CVE-2011-0254", 
"CVE-2011-0255", "CVE-2011-0259", "CVE-2011-0981", "CVE-2011-0983", "CVE-2011-1109", "CVE-2011-1114", "CVE-2011-1115", "CVE-2011-1117", "CVE-2011-1121", "CVE-2011-1188", "CVE-2011-1203", "CVE-2011-1204", "CVE-2011-1288", "CVE-2011-1293", "CVE-2011-1296", "CVE-2011-1440", "CVE-2011-1449", "CVE-2011-1451", "CVE-2011-1453", "CVE-2011-1457", "CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-2338", "CVE-2011-2339", "CVE-2011-2341", "CVE-2011-2351", "CVE-2011-2352", "CVE-2011-2354", "CVE-2011-2356", "CVE-2011-2359", "CVE-2011-2788", "CVE-2011-2790", "CVE-2011-2792", "CVE-2011-2797", "CVE-2011-2799", "CVE-2011-2809", "CVE-2011-2811", "CVE-2011-2813", "CVE-2011-2814", "CVE-2011-2815", "CVE-2011-2816", "CVE-2011-2817", "CVE-2011-2818", "CVE-2011-2820", "CVE-2011-2823", "CVE-2011-2827", "CVE-2011-2831", "CVE-2011-3219", "CVE-2011-3232", "CVE-2011-3233", "CVE-2011-3234", "CVE-2011-3235", "CVE-2011-3236", "CVE-2011-3237", "CVE-2011-3238", "CVE-2011-3239", "CVE-2011-3241", "CVE-2011-3244", "CVE-2011-3252"], "modified": "2011-10-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-21013", "id": "SSV:21013", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T12:23:50", "description": "QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.", "cvss3": {}, "published": "2011-10-14T10:55:00", "type": "cve", "title": "CVE-2011-3220", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3220"], "modified": "2012-01-14T03:55:00", "id": "CVE-2011-3220", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3220", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2022-03-23T12:24:19", "description": "Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.", "cvss3": {}, "published": "2011-10-28T02:49:00", "type": "cve", "title": "CVE-2011-3250", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3250"], "modified": "2017-09-19T01:33:00", "id": "CVE-2011-3250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3250", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2022-03-23T12:23:47", "description": "The \"Save for Web\" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.", "cvss3": {}, "published": "2011-10-14T10:55:00", "type": "cve", "title": "CVE-2011-3218", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3218"], "modified": "2012-01-14T03:55:00", "id": "CVE-2011-3218", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3218", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}, 
{"lastseen": "2022-03-23T12:23:47", "description": "Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.", "cvss3": {}, "published": "2011-10-12T18:55:00", "type": "cve", "title": "CVE-2011-3219", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3219"], "modified": "2017-09-19T01:33:00", "id": "CVE-2011-3219", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3219", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:24:19", "description": "Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.", "cvss3": {}, "published": "2011-10-28T02:49:00", "type": "cve", "title": "CVE-2011-3249", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3249"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:quicktime:4.1.2", "cpe:/a:apple:quicktime:5.0.2", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:6.3.0", "cpe:/a:apple:quicktime:6.1", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.4", "cpe:/a:apple:quicktime:5.0.1", "cpe:/a:apple:quicktime:7.3", "cpe:/a:apple:quicktime:7.1", "cpe:/a:apple:quicktime:6.0.0", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:6.5", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.7", "cpe:/a:apple:quicktime:6.4.0", "cpe:/a:apple:quicktime:6.0.2", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:6.1.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:6.5.2", "cpe:/a:apple:quicktime:6.5.0", "cpe:/a:apple:quicktime:5.0", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:3.0", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:6.0", "cpe:/a:apple:quicktime:6.0.1", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:6.5.1", "cpe:/a:apple:quicktime:6.2.0", "cpe:/a:apple:quicktime:7.0", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:6.1.1", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.1.5", 
"cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.0.2"], "id": "CVE-2011-3249", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3249", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:23:49", "description": "QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.", "cvss3": {}, "published": "2011-10-14T10:55:00", "type": "cve", "title": "CVE-2011-3221", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3221"], "modified": "2012-01-14T03:55:00", "cpe": ["cpe:/o:apple:mac_os_x_server:10.3.8", 
"cpe:/o:apple:mac_os_x_server:10.3.9", "cpe:/o:apple:mac_os_x:10.5.2", "cpe:/o:apple:mac_os_x:10.2.3", "cpe:/o:apple:mac_os_x_server:10.4.5", "cpe:/o:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x:10.0.4", "cpe:/o:apple:mac_os_x:10.6.2", "cpe:/o:apple:mac_os_x:10.6.5", "cpe:/o:apple:mac_os_x:10.1", "cpe:/o:apple:mac_os_x:10.5.4", "cpe:/o:apple:mac_os_x_server:10.6.8", "cpe:/o:apple:mac_os_x_server:10.5.0", "cpe:/o:apple:mac_os_x:10.3.3", "cpe:/o:apple:mac_os_x_server:10.3.2", "cpe:/o:apple:mac_os_x:10.4.1", "cpe:/o:apple:mac_os_x:10.4.6", "cpe:/o:apple:mac_os_x:10.7.1", "cpe:/o:apple:mac_os_x_server:10.5.4", "cpe:/o:apple:mac_os_x_server:10.1.3", "cpe:/o:apple:mac_os_x:10.0.0", "cpe:/o:apple:mac_os_x:10.2.2", "cpe:/o:apple:mac_os_x:10.3.6", "cpe:/o:apple:mac_os_x_server:10.6.1", "cpe:/o:apple:mac_os_x_server:10.3.6"], "id": "CVE-2011-3221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3221", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", 
"cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:24:17", "description": "Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.", "cvss3": {}, "published": "2011-10-28T02:49:00", "type": "cve", "title": "CVE-2011-3248", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3248"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:apple:quicktime:4.1.2", "cpe:/a:apple:quicktime:5.0.2", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:6.3.0", "cpe:/a:apple:quicktime:6.1", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.4", "cpe:/a:apple:quicktime:5.0.1", "cpe:/a:apple:quicktime:7.3", "cpe:/a:apple:quicktime:7.1", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:6.5", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:6.0.2", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:6.4.0", "cpe:/a:apple:quicktime:7.7", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:6.1.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:6.5.2", "cpe:/a:apple:quicktime:6.5.0", "cpe:/a:apple:quicktime:5.0", "cpe:/a:apple:quicktime:7.2.1", 
"cpe:/a:apple:quicktime:3.0", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:6.0", "cpe:/a:apple:quicktime:6.0.1", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:6.5.1", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:6.2.0", "cpe:/a:apple:quicktime:7.0", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:6.1.1", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:6.0.0", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.0.2"], "id": "CVE-2011-3248", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3248", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:24:21", "description": "Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or 
cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.", "cvss3": {}, "published": "2011-10-28T02:49:00", "type": "cve", "title": "CVE-2011-3251", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3251"], "modified": "2017-09-19T01:33:00", "id": "CVE-2011-3251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3251", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}},
{"lastseen": "2022-03-23T12:24:17", "description": "Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.", "cvss3": {}, "published": "2011-10-28T02:49:00", "type": "cve", "title": "CVE-2011-3247", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3247"], "modified": "2017-09-19T01:33:00", "id": "CVE-2011-3247", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3247", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}},
{"lastseen": "2022-03-23T12:23:51", "description": "Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.", "cvss3": {}, "published": "2011-10-14T10:55:00", "type": "cve", "title": "CVE-2011-3222", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3222"], "modified": "2012-01-14T03:55:00", "id": "CVE-2011-3222", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3222", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}},
{"lastseen": "2022-03-23T12:23:52", "description": "Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.", "cvss3": {}, "published": "2011-10-14T10:55:00", "type": "cve", "title": "CVE-2011-3223", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3223"], "modified": "2012-01-14T03:55:00", "id": "CVE-2011-3223", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3223", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}},
{"lastseen": "2022-03-23T12:23:57", "description": "QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.", "cvss3": {}, "published": "2011-10-14T10:55:00", "type": "cve", "title": "CVE-2011-3228", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3228"], "modified": "2012-01-14T03:55:00", "cpe": ["cpe:/o:apple:mac_os_x_server:10.3.8", "cpe:/o:apple:mac_os_x:10.4.0", "cpe:/o:apple:mac_os_x:10.7.0", "cpe:/o:apple:mac_os_x_server:10.1.1", "cpe:/o:apple:mac_os_x:10.0.1", "cpe:/o:apple:mac_os_x_server:10.5.1", "cpe:/o:apple:mac_os_x_server:10.4.10", "cpe:/o:apple:mac_os_x_server:10.3.4", "cpe:/o:apple:mac_os_x_server:10.5", "cpe:/o:apple:mac_os_x:10.5.5", "cpe:/o:apple:mac_os_x_server:10.0.0", "cpe:/o:apple:mac_os_x_server:10.2.2", "cpe:/o:apple:mac_os_x_server:10.6.7", "cpe:/o:apple:mac_os_x_server:10.2.5", "cpe:/o:apple:mac_os_x_server:10.5.3", "cpe:/o:apple:mac_os_x_server:10.4.3", "cpe:/o:apple:mac_os_x:10.1.3", "cpe:/o:apple:mac_os_x_server:10.1.0", "cpe:/o:apple:mac_os_x:10.2.6", "cpe:/o:apple:mac_os_x_server:10.3", "cpe:/o:apple:mac_os_x_server:10.0", "cpe:/o:apple:mac_os_x_server:10.5.8", "cpe:/o:apple:mac_os_x:10.1.2", "cpe:/o:apple:mac_os_x:10.3", "cpe:/o:apple:mac_os_x_server:10.4.9", "cpe:/o:apple:mac_os_x:10.3.8", "cpe:/o:apple:mac_os_x_server:10.4.1", "cpe:/o:apple:mac_os_x:10.5.6", "cpe:/o:apple:mac_os_x_server:10.1.5", "cpe:/o:apple:mac_os_x:10.3.2", "cpe:/o:apple:mac_os_x_server:10.2.8", "cpe:/o:apple:mac_os_x:10.4.7", "cpe:/o:apple:mac_os_x:10.5.0", "cpe:/o:apple:mac_os_x_server:10.7.0", "cpe:/o:apple:mac_os_x:10.3.0", "cpe:/o:apple:mac_os_x:10.5", "cpe:/o:apple:mac_os_x:10.6.4", "cpe:/o:apple:mac_os_x_server:10.4.0", "cpe:/o:apple:mac_os_x_server:10.2.7", "cpe:/o:apple:mac_os_x:10.3.1", "cpe:/o:apple:mac_os_x_server:10.4.2", "cpe:/o:apple:mac_os_x:10.5.3", "cpe:/o:apple:mac_os_x:10.6.8", "cpe:/o:apple:mac_os_x:10.4.9", "cpe:/o:apple:mac_os_x_server:10.1", "cpe:/o:apple:mac_os_x_server:10.4.6", 
"cpe:/o:apple:mac_os_x_server:10.2.4", "cpe:/o:apple:mac_os_x:10.6.3", "cpe:/o:apple:mac_os_x:10.5.8", "cpe:/o:apple:mac_os_x_server:10.2.6", "cpe:/o:apple:mac_os_x_server:10.4", "cpe:/o:apple:mac_os_x_server:10.5.7", "cpe:/o:apple:mac_os_x:10.3.9", "cpe:/o:apple:mac_os_x_server:10.3.7", "cpe:/o:apple:mac_os_x_server:10.5.6", "cpe:/o:apple:mac_os_x:10.0.2", "cpe:/o:apple:mac_os_x_server:10.6.2", "cpe:/o:apple:mac_os_x_server:10.3.0", "cpe:/o:apple:mac_os_x_server:10.6.0", "cpe:/o:apple:mac_os_x:10.2.4", "cpe:/o:apple:mac_os_x:10.1.4", "cpe:/o:apple:mac_os_x:10.1.0", "cpe:/o:apple:mac_os_x:10.3.4", "cpe:/o:apple:mac_os_x:10.2.0", "cpe:/o:apple:mac_os_x_server:10.0.1", "cpe:/o:apple:mac_os_x:10.2.8", "cpe:/o:apple:mac_os_x:10.5.7", "cpe:/o:apple:mac_os_x:10.4.11", "cpe:/o:apple:mac_os_x_server:10.6.5", "cpe:/o:apple:mac_os_x_server:10.2.3", "cpe:/o:apple:mac_os_x:10.0", "cpe:/o:apple:mac_os_x:10.4", "cpe:/o:apple:mac_os_x:10.2", "cpe:/o:apple:mac_os_x_server:10.3.5", "cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/o:apple:mac_os_x_server:10.4.7", "cpe:/o:apple:mac_os_x:10.2.5", "cpe:/o:apple:mac_os_x_server:10.1.4", "cpe:/o:apple:mac_os_x_server:10.2", "cpe:/o:apple:mac_os_x_server:10.3.3", "cpe:/o:apple:mac_os_x:10.6.0", "cpe:/o:apple:mac_os_x:10.6.1", "cpe:/o:apple:mac_os_x:10.6.7", "cpe:/o:apple:mac_os_x_server:10.6.3", "cpe:/o:apple:mac_os_x_server:10.0.2", "cpe:/o:apple:mac_os_x:10.4.10", "cpe:/o:apple:mac_os_x_server:10.6.4", "cpe:/o:apple:mac_os_x:10.4.2", "cpe:/o:apple:mac_os_x_server:10.0.3", "cpe:/o:apple:mac_os_x:10.0.3", "cpe:/o:apple:mac_os_x_server:10.4.11", "cpe:/o:apple:mac_os_x:10.2.7", "cpe:/o:apple:mac_os_x:10.3.5", "cpe:/o:apple:mac_os_x:10.5.1", "cpe:/o:apple:mac_os_x_server:10.7.1", "cpe:/o:apple:mac_os_x:10.4.5", "cpe:/o:apple:mac_os_x:10.1.1", "cpe:/o:apple:mac_os_x:10.6.6", "cpe:/o:apple:mac_os_x_server:10.6.6", "cpe:/o:apple:mac_os_x_server:10.3.1", "cpe:/o:apple:mac_os_x_server:10.0.4", "cpe:/o:apple:mac_os_x_server:10.1.2", 
"cpe:/o:apple:mac_os_x:10.4.4", "cpe:/o:apple:mac_os_x:10.2.1", "cpe:/o:apple:mac_os_x_server:10.5.2", "cpe:/o:apple:mac_os_x:10.1.5", "cpe:/o:apple:mac_os_x:10.4.8", "cpe:/o:apple:mac_os_x_server:10.4.4", "cpe:/o:apple:mac_os_x_server:10.5.5", "cpe:/o:apple:mac_os_x_server:10.2.1", "cpe:/o:apple:mac_os_x:10.3.7", "cpe:/o:apple:mac_os_x_server:10.2.0", "cpe:/o:apple:mac_os_x_server:10.3.9", "cpe:/o:apple:mac_os_x:10.5.2", "cpe:/o:apple:mac_os_x:10.2.3", "cpe:/o:apple:mac_os_x_server:10.4.5", "cpe:/o:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x:10.6.2", "cpe:/o:apple:mac_os_x:10.0.4", "cpe:/o:apple:mac_os_x:10.6.5", "cpe:/o:apple:mac_os_x:10.1", "cpe:/o:apple:mac_os_x:10.5.4", "cpe:/o:apple:mac_os_x:10.3.3", "cpe:/o:apple:mac_os_x_server:10.5.0", "cpe:/o:apple:mac_os_x_server:10.6.8", "cpe:/o:apple:mac_os_x_server:10.3.2", "cpe:/o:apple:mac_os_x:10.4.1", "cpe:/o:apple:mac_os_x:10.4.6", "cpe:/o:apple:mac_os_x:10.7.1", "cpe:/o:apple:mac_os_x_server:10.5.4", "cpe:/o:apple:mac_os_x:10.0.0", "cpe:/o:apple:mac_os_x_server:10.1.3", "cpe:/o:apple:mac_os_x:10.2.2", "cpe:/o:apple:mac_os_x:10.3.6", "cpe:/o:apple:mac_os_x_server:10.6.1", "cpe:/o:apple:mac_os_x_server:10.3.6"], "id": "CVE-2011-3228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3228", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", 
"cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", 
"cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*", 
"cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*", 
"cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.0:*:*:*:*:*:*:*"]}], "checkpoint_advisories": [{"lastseen": "2022-11-28T07:11:34", "description": "A remote code execution vulnerability has been reported in Apple QuickTime.", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "checkpoint_advisories", "title": "Apple QuickTime JPEG 2000 COD Length Integer Underflow (CVE-2011-3250)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3250"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2012-168", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}]}