3024 matches found
Null pointer dereference
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the MarshaledpUnk attribute, which triggers unmarshalling of an untrusted pointer...
CVE-2010-1818
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the MarshaledpUnk attribute, which triggers unmarshalling of an untrusted pointer...
CVE-2010-1818
CVE-2010-1818 affects Apple QuickTime QTPlugin.ocx (QuickTime 6.x and 7.x before 7.6.8). The vulnerability arises from an input validation error in the _Marshaled_pUnk parameter, triggering unmarshalling of an untrusted pointer and allowing remote code execution with the user’s privileges. Public...
Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx...
Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
This module exploits a memory trust issue in Apple QuickTime 7.6.7. When processing a specially-crafted HTML page, the QuickTime ActiveX control will treat a supplied parameter as a trusted pointer. It will then use it as a COM-type pUnknown and lead to arbitrary code execution. This exploit...
New Remote Flaw in Apple QuickTime Bypasses ASLR and DEP
A Spanish security researcher has discovered a new vulnerability in Apple’s QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The flaw apparently results from a parameter from an older version of QuickTime...
Apple QuickTime _Marshaled_pUnk Backdoor Parameter Code Execution
HTML Version http://www.reversemode.com/index.php?option=comcontent&task=view&id=69&Itemid=1 The scenario would be as follows: Victim prerequisites: Internet Explorer. XP,Vista,W7. Apple Quicktime 7.x, 6.x 2004 versions are also vulnerable, older versions not checked 1. Victim is enticed into...
Apple QuickTime '_Marshaled_pUnk' Remote Code Execution Vulnerability
Description Apple QuickTime is prone to a remote code-execution vulnerability that affects the 'QTPlugin.ocx' ActiveX control because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful...
Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
$Id: applequicktimemarshaledpunk.rb 10196 2010-08-30 21:52:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Apple QuickTime - _Marshaled_pUnk Backdoor Client-Side Arbitrary Code Execution
Apple QuickTime - MarshaledpUnk Backdoor Client-Side Arbitrary Code Execution Original Source: http://reversemode.com/index.php?option=comcontent&task=view&id=69&Itemid=1 Victim prerequisites: Internet Explorer. XP,Vista,W7. Apple Quicktime 7.x, 6.x 2004 versions are also vulnerable, older versio...
Apple QuickTime - '_Marshaled_pUnk' Backdoor Client-Side Arbitrary Code Execution
Original Source: http://reversemode.com/index.php?option=comcontent&task=view&id=69&Itemid=1 Victim prerequisites: Internet Explorer. XP,Vista,W7. Apple Quicktime 7.x, 6.x 2004 versions are also vulnerable, older versions not checked 1. Victim is enticed into visiting, by any mean, a specially...
Apple QuickTime Streaming Debug Error Logging Buffer Overflow (CVE-2010-1799)
QuickTime is a media player application developed by Apple. It is capable of playing back numerous multimedia file formats from local file system or network servers. One of the media formats supported by Apple QuickTime is SMIL. A stack buffer overflow vulnerability exists in Apple QuickTime medi...
Owning Virtual Worlds For Fun and Profit
I’m a security researcher. I find bugs in software, they get fixed. I write exploits, they give me a shell. It’s more or less always the same and it gets kind of boring. But there was one exploit I helped write back in 2007 that was a little different. This is the story of that exploit. Second Li...
Apple QuickTime Crafted HTTP Error Response Buffer Overflow (CVE-2008-0234)
Apple QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video stream formats, which include RSTP. There exists a buffer overflow vulnerability in Apple QuickTime application. The flaw ...
CVE-2010-1799
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted movie file...
Stack overflow
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted movie file...
CVE-2010-1799
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted movie file...
CVE-2010-1799
CVE-2010-1799 describes a stack-based buffer overflow in Apple QuickTime’s error-logging path on Windows, exploitable via a crafted SMIL/movie file to execute arbitrary code or cause a denial of service. Affected product/version: Apple QuickTime before 7.6.7 (Windows). Root cause: boundary/stack ...
Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow
$Id: applequicktimesmildebug.rb 10011 2010-08-13 23:11:23Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability
The host is running QuickTime Player and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbapplequicktimeplayerbofvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability Authors: Madhuri D Copyright:...