5 matches found
Apple QuickTime 'STSZ' Atoms内存破坏漏洞
BUGTRAQ ID: 31546 CVE ID:CVE-2008-3626 CNCVE ID:CNCVE-20083626 Apple QuickTime是一款流行的媒体处理程序。 Apple QuickTime处理特殊构建的媒体文件存在问题,远程攻击者可以利用漏洞进行缓冲区溢出,可导致以应用程序权限执行任意指令。 问题存在于CallComponentFunctionWithStorage函数中对STSZ atoms的处理,当samplesizetable中的条目过大时,可触发内存破坏,可能以当前用户上下文执行任意指令。 Apple TV 2.1 Apple TV 2.0 Apple ...
Apple QuickTime Movie/PICT/QTVR多个远程漏洞
BUGTRAQ ID: 31086 CVE ID:CVE-2008-3615 CVE-2008-3635 CVE-2008-3624 CVE-2008-3625 CVE-2008-3614 CVE-2008-3626 CVE-2008-3627 CVE-2008-3628 CVE-2008-3629 CNCVE ID:CNCVE-20083615 CNCVE-20083635 CNCVE-20083624 CNCVE-20083625 CNCVE-20083614 CNCVE-20083626 CNCVE-20083627 CNCVE-20083628 CNCVE-20083629...
CVE-2008-3626
Apple QuickTime prior to 7.5.5 is affected by a memory-corruption vulnerability in CallComponentFunctionWithStorage when handling large entries in the STSZ atoms’ sample_size_table. A crafted movie file can allow remote attackers to execute arbitrary code or cause a denial of service. The issue a...
CVE-2008-3626
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the samplesizetable in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted mov...
ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-059 September 9, 2008 -- CVE ID: CVE-2008-3626 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPointTM IPS Customer Protection: TippingPoint IP...