
3024 matches found

CVE
added 2009/09/10 9:00 p.m. | 65 views

CVE-2009-2798

CVE-2009-2798 describes a heap-based buffer overflow in Apple QuickTime before 7.6.4 triggered by parsing a crafted FlashPix (.fpx) file. The flaw occurs during handling of sector-related fields, where multiplication of two 32-bit values leads to an undersized heap allocation, allowing a remote a...

9.3 CVSS | 7.7 AI score | 0.05718 EPSS
Exploits 0 | References 7 | Affected Software 1

CVE
added 2009/09/10 9:00 p.m. | 62 views

CVE-2009-2203

The CVE-2009-2203 entry describes a buffer overflow in Apple QuickTime prior to 7.6.4 triggered by parsing MPEG-4 video files, which could allow remote code execution or cause an application crash/DoS. Apple released QuickTime 7.6.4 to address this issue (bounds checking improvements).

9.3 CVSS | 7.7 AI score | 0.05718 EPSS
Exploits 0 | References 7 | Affected Software 1

CVE
added 2009/09/10 9:00 p.m. | 56 views

CVE-2009-2202

Apple QuickTime vulnerability CVE-2009-2202 exists in QuickTime’s handling of H.264 movie files and can allow remote code execution or a denial of service via memory corruption. In the OpenVAS/Nessus entries, the affected product is QuickTime on Mac OS X (and QuickTime on Windows), with the root ...

9.3 CVSS | 7.8 AI score | 0.04937 EPSS
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2009/09/10 9:00 p.m. | 26 views

CVE-2009-2203

Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file...

7.8 AI score | 0.05718 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2009/09/10 12:00 a.m. | 29 views

QuickTime < 7.6.4 Multiple Vulnerabilities

Binary data 5159.prm...

9.3 CVSS | 7.7 AI score | 0.05718 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2009/09/10 12:00 a.m. | 30 views

QuickTime < 7.6.4 Multiple Vulnerabilities (Windows)

The version of QuickTime installed on the remote Windows host is older than 7.6.4. Such versions contain several vulnerabilities : - A memory corruption issue in QuickTime's handling of H.264 movie files may lead to an application crash or arbitrary code execution. CVE-2009-2202 - A buffer overfl...

9.3 CVSS | 6.4 AI score | 0.05718 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2009/09/10 12:00 a.m. | 25 views

QuickTime < 7.6.4 Multiple Vulnerabilities (Mac OS X)

The version of QuickTime installed on the remote Mac OS X host is older than 7.6.4. Such versions contain several vulnerabilities : - A memory corruption issue in QuickTime's handling of H.264 movie files may lead to an application crash or arbitrary code execution. CVE-2009-2202 - A buffer...

9.3 CVSS | 6.4 AI score | 0.05718 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2009/09/10 12:00 a.m. | 19 views

QuickTime < 7.6.4 Multiple Vulnerabilities

Binary data 801199.prm...

9.3 CVSS | 7.7 AI score | 0.05718 EPSS
Exploits 0 | References 7

Zero Day Initiative
added 2009/09/10 12:00 a.m. | 25 views

Apple QuickTime FlashPix Sector Size Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of...

9.3 CVSS | 3.6 AI score | 0.05718 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2009/09/10 12:00 a.m. | 21 views

Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of...

9.3 CVSS | 4.6 AI score | 0.05718 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2009/07/21 12:00 a.m. | 27 views

openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-540)

gstreamer-010: several heap overflows (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397) have been fixed. Remote attackers could exploit these to execute arbitrary code via QuickTime media files.

9.3 CVSS | 6 AI score | 0.07147 EPSS
Exploits 3 | References 4

Tenable Nessus
added 2009/07/21 12:00 a.m. | 25 views

openSUSE Security Update : libxine1 (libxine1-856)

This update of libxine1 fixes an integer overflow in the qterror parsetrakatom function in that leads to a heap-based overflow and allows remote attackers to execute arbitrary code via a malformed QuickTime movie file. (CVE-2009-1274)

5 CVSS | 6 AI score | 0.05059 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2009/07/21 12:00 a.m. | 19 views

openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-540)

gstreamer-010: several heap overflows (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397) have been fixed. Remote attackers could exploit these to execute arbitrary code via QuickTime media files.

9.3 CVSS | 6 AI score | 0.07147 EPSS
Exploits 3 | References 4

seebug.org
added 2009/07/16 12:00 a.m. | 38 views

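Microsoft DirectX QuickTime Media File Parsing Code Execution Vulnerability (MS09-028)

BUGTRAQ ID: 35139 CVE(CAN) ID: CVE-2009-1537 Microsoft DirectX is a feature of the Windows operating system; streaming media relies on it for graphics and sound when playing games or watching video. The DirectShow component of DirectX (quartz.dll) contains an error when parsing malformed QuickTime media files; a user who is tricked into opening a malicious media file will trigger arbitrary code execution. Because users may have media playback plug-ins installed in their browsers, visiting a malicious web page is enough to cause a QuickTime file to be played, triggering the vulnerability in Quartz.dll. Microsoft DirectX 9.0 Microsoft DirectX 8.1...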

9.3 CVSS | 6.8 AI score | 0.50926 EPSS
Exploits 7

NVD
added 2009/07/15 3:30 p.m. | 21 views

CVE-2009-1538

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute...

9.3 CVSS | 7.4 AI score | 0.2682 EPSS
Exploits 0 | References 6

NVD
added 2009/07/15 3:30 p.m. | 15 views

CVE-2009-1539

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute...

9.3 CVSS | 7.4 AI score | 0.25818 EPSS
Exploits 0 | References 5

Prion
added 2009/07/15 3:30 p.m. | 14 views

Input validation

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute...

9.3 CVSS | 8 AI score | 0.25818 EPSS
Exploits 0 | References 5 | Affected Software 3

Prion
added 2009/07/15 3:30 p.m. | 18 views

Input validation

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute...

9.3 CVSS | 8 AI score | 0.2682 EPSS
Exploits 0 | References 6 | Affected Software 3

Cvelist
added 2009/07/15 3:00 p.m. | 20 views

CVE-2009-1539

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute...

7.4 AI score | 0.25818 EPSS
Exploits 0 | References 5

CVE
added 2009/07/15 3:00 p.m. | 62 views

CVE-2009-1539

CVE-2009-1539 concerns a DirectShow DirectX/Quartz component (quartz.dll) in Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The QuickTime Movie Parser Filter fails to validate certain size fields in QuickTime media files, enabling remote code execution via a crafted file or streaming content....

9.3 CVSS | 7.4 AI score | 0.25818 EPSS
Exploits 0 | References 5 | Affected Software 2