Apple Releases QuickTime 7.7.1

Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5016 a...

Apple Mac OS X CoreMedia H.264编码视频文件缓冲区溢出漏洞

BUGTRAQ ID: 50068 CVE ID: CVE-2011-3219 Mac OS X是苹果家族机器所使用的操作系统。 Apple Mac OS X在实现上存在缓冲区溢出漏洞，此漏洞可影响CoreMedia组件，允许攻击者以当前用户权限执行任意代码。 当解析H.264流的Sequence Parameter Set数据时，会读取帧剪裁偏移字段，当这些字段包含错误数据时，Quicktime会最终在视频流所分配的缓冲区之外写入，造成任意代码执行。 Apple Mac OS X 10.x Apple MacOS X Server 10.6.x 厂商补丁： Apple -----...

Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...

Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability

ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-295 October 18, 2011 -- CVE ID: CVE-2011-3222 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime...

Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)

This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006. OpenVAS Vulnerability Test $Id: gbmacosxsu11-006.nasl 7029 2017-08-31 11:51:40Z teissa $ Mac OS X v10.6.8 Multiple Vulnerabilities 2011-006 Authors: Rachana Shetty Copyright:...

Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

CVE-2011-3223

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLIC movie file...

CVE-2011-3228

QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted movie file...

CVE-2011-3220

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file...

CVE-2011-3218

The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by spoofing the http server during local viewing of an exported...

CVE-2011-3222

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FlashPix file...

CVE-2011-3221

QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted file...

CVE-2011-0224

CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted QuickTime movie file...

Cross site scripting

The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by spoofing the http server during local viewing of an exported...

Code injection

QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted file...

Memory corruption

QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted movie file...

Buffer overflow

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLIC movie file...

Buffer overflow

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FlashPix file...

Memory corruption

CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted QuickTime movie file...