16 matches found
EUVD-2007-4688
Malware in sbrugna...
CVE-2011-0248
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted QTL file...
Stack overflow
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted QTL file...
CVE-2011-0248
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted QTL file...
Heap overflow
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file...
CVE-2007-4706
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file...
CVE-2007-4706
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file...
QuickTime < 7.3.1 Multiple Vulnerabilities (Mac OS X)
The version of QuickTime installed on the remote Mac OS X host is older than 7.3.1. Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host if he can trick the user to open a specially crafted RTSP movie, QTL file, or Flash media file...
CVE-2007-4673
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045...
CVE-2007-5045
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...
Design/Logic Flaw
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...
Apple Quicktime RTSP畸形URL处理缓冲区溢出漏洞
Apple QuickTime是一款流行的多媒体播放器,支持多种媒体格式。 Apple QuickTime在处理畸形的RTSP协议URL时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 Apple QuickTime在处理带超长“src”参数的RTSP协议的URL串时存在栈缓冲区溢出漏洞,远程攻击者可以通过构造类似“rtsp://any character:256 bytes”的URL串诱使用户点击,系统调用QuickTime处理时导致溢出发生,执行攻击者的任意指令。 Apple QuickTime Player 7.x 临时解决方法:...
QuickTime rtsp src URL buffer overflow
Added: 01/04/2007 CVE: CVE-2007-0015 BID: 21829 OSVDB: 31023 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow in QuickTime allows command execution when a user opens a specially crafted QTL file containing a long src parameter starting with rtsp:/...
CVE-2006-4965
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of...
CVE-2006-4965
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of...
CVE-2006-4965
CVE-2006-4965 concerns Apple QuickTime 7.1.3 Player/Plug-In. The vulnerability allows remote attackers to run arbitrary JavaScript via a QuickTime Media Link (QTL) file containing an embed XML element and a qtnext parameter that can reference resources outside the original domain. As of 2007-09-1...