
3024 matches found

Prion
added 2009/05/29 6:30 p.m. | 16 views

Design/Logic Flaw

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as...

CVSS 9.3 | AI score 7.9 | EPSS 0.50926
Exploits: 7 | References: 13 | Affected Software: 1

Vulnrichment
added 2009/05/29 6:0 p.m. | 0 views

CVE-2009-1537

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as...

AI score 6.2 | EPSS 0.50926
Exploits: 7 | References: 13

Cvelist
added 2009/05/29 6:0 p.m. | 30 views

CVE-2009-1537

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as...

AI score 7.2 | EPSS 0.50926
Exploits: 7 | References: 13

CVE
added 2009/05/29 6:0 p.m. | 97 views

CVE-2009-1537

Summary of CVE-2009-1537 (DirectShow QuickTime parsing): A remote code execution vulnerability exists in the DirectShow QuickTime Movie Parser Filter (quartz.dll) within DirectX, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, and potentially DirectX 7.0–9.0c. Exploitation requires a...

CVSS 9.3 | AI score 7.3 | EPSS 0.50926
In wild | Exploits: 7 | References: 14 | Affected Software: 2

Positive Technologies
added 2009/05/29 12:0 a.m. | 0 views

PT-2009-4034

Name of the Vulnerable Software and Affected Versions: Microsoft DirectX versions 7.0 through 9.0c Description: The issue allows remote attackers to execute arbitrary code via a crafted QuickTime media file. This has been exploited in the wild. Recommendations: For Microsoft DirectX versions 7.0...

CVSS 9.3 | AI score 6.2 | EPSS 0.50926
Exploits: 7 | References: 18

VulnCheck KEV
added 2009/05/29 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2009-1537

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as...

CVSS 9.3 | AI score 6.2 | EPSS 0.50926
Exploits: 7 | References: 1

securityvulns
added 2009/05/29 12:0 a.m. | 47 views

ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability

ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-021 May 13, 2009 -- CVE ID: CVE-2009-0010 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

CVSS 9.3 | AI score 0.9 | EPSS 0.08221
Exploits: 0

ThreatPost
added 2009/05/28 9:16 p.m. | 132 views

Microsoft warns of dangerous DirectShow flaw, attacks

Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support. The company has activated its security response process to deal with the zero-day attacks and has issued a pre-patc...

CVSS 9.3 | AI score 2.3 | EPSS 0.99945
Exploits: 33 | References: 5

Symantec
added 2009/05/28 12:0 a.m. | 25 views

Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability

Description Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle QuickTime media files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application...

AI score 7.8
Exploits: 0 | References: 1 | Affected Software: 6

Tenable Nessus
added 2009/05/20 12:0 a.m. | 29 views

openSUSE 10 Security Update : xine-devel (xine-devel-6230)

This update of xine-lib fixes an integer overflow in the qt_error parse_trak_atom function in that leads to a heap-based overflow and allows remote attackers to execute arbitrary code via a malformed Quicktime movie file. CVE-2009-1274 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVSS 5 | AI score 6 | EPSS 0.05059
Exploits: 1 | References: 1

exploitpack
added 2009/05/14 12:0 a.m. | 29 views

Apple QuickTime 7.4.1 - Null Pointer Dereference Denial of Service

Apple QuickTime 7.4.1 - Null Pointer Dereference Denial of Service source: https://www.securityfocus.com/bid/35359/info Apple QuickTime is prone to a denial-of-service vulnerability. Note that an attacker will exploit this issue through the Safari browser by enticing a user to visit a malicious...

AI score 0.3
Exploits: 0

Exploit DB
added 2009/05/14 12:0 a.m. | 19 views

Apple QuickTime 7.4.1 - Null Pointer Dereference Denial of Service

source: https://www.securityfocus.com/bid/35359/info Apple QuickTime is prone to a denial-of-service vulnerability. Note that an attacker will exploit this issue through the Safari browser by enticing a user to visit a malicious site. This will crash the user's browser. Successful exploits may...

AI score 7.4
Exploits: 0

Prion
added 2009/05/13 3:30 p.m. | 14 views

Integer overflow

Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, whi...

CVSS 9.3 | AI score 8.2 | EPSS 0.08221
Exploits: 0 | References: 16 | Affected Software: 1

CVE
added 2009/05/13 3:14 p.m. | 58 views

CVE-2009-0010

CVE-2009-0010 is a QuickTime/Apple QuickDraw vulnerability affecting Apple QuickTime and Mac OS X. The issue is a heap-based buffer overflow in parsing PICT images, triggered by a crafted 0x77 Poly tag length, which can lead to remote code execution or a crash. Public disclosures cite affected pr...

CVSS 9.3 | AI score 7.7 | EPSS 0.08221
Exploits: 0 | References: 16 | Affected Software: 1

Zero Day Initiative
added 2009/05/13 12:0 a.m. | 29 views

Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application...

CVSS 9.3 | AI score 4.9 | EPSS 0.08221
Exploits: 0 | References: 1

Tenable Nessus
added 2009/04/23 12:0 a.m. | 28 views

Ubuntu 7.10 / 8.04 LTS / 8.10 : gst-plugins-good0.10 vulnerabilities (USN-736-1)

It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the...

CVSS 9.3 | AI score 6 | EPSS 0.07147
Exploits: 3 | References: 4

Tenable Nessus
added 2009/04/23 12:0 a.m. | 36 views

Mandriva Linux Security Advisory : xine-lib (MDVSA-2009:020)

Failure on Ogg files manipulation can lead remote attackers to cause a denial of service by using crafted files CVE-2008-3231. Failure on manipulation of either MNG or Real or MOD files can lead remote attackers to cause a denial of service by using crafted files CVE: CVE-2008-5233. Heap-based...

CVSS 10 | AI score 6.3 | EPSS 0.05748
Exploits: 1 | References: 11

Tenable Nessus
added 2009/04/23 12:0 a.m. | 33 views

Mandriva Linux Security Advisory : gstreamer0.10-plugins-good (MDVSA-2009:035)

Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good, might allow remote attackers to execute arbitrary code via a malformed QuickTime media file CVE-2009-0386, CVE-2009-0387, CVE-2009-0397. The updated packages have been patched to prevent this. %NASLMINLEVEL...

CVSS 9.3 | AI score 5.6 | EPSS 0.07147
Exploits: 3 | References: 3

OpenVAS
added 2009/04/09 12:0 a.m. | 28 views

Mandriva Update for mplayer MDVSA-2008:045 (mplayer)

Check for the Version of mplayer OpenVAS Vulnerability Test Mandriva Update for mplayer MDVSA-2008:045 mplayer Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 9.3 | AI score 0.9 | EPSS 0.14969
Exploits: 4 | References: 2

UbuntuCve
added 2009/04/08 6:30 p.m. | 28 views

CVE-2009-1274

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow...

CVSS 5 | AI score 6.5 | EPSS 0.05059
Exploits: 1 | References: 3