Apple QuickTime "file: URL" arbitrary code execution

Overview Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code. Description Apple QuickTime is a multiplatform multimedia software architecture which provides file format converters for more than 250 common image, video, and audio file...

QuickTime < 7.5 Multiple Vulnerabilities (Windows)

The version of QuickTime installed on the remote Windows host is older than 7.5. Such versions contain several vulnerabilities : - There are two heap-based buffer overflows in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution CVE-2008-1581 a...

QuickTime < 7.5 Multiple Vulnerabilities (Mac OS X)

The version of QuickTime installed on the remote Mac OS X host is older than 7.5. Such versions contain several vulnerabilities : - There is a heap-based buffer overflow in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution CVE-2008-1583. -...

Debian DSA-1586-1 : xine-lib - multiple vulnerabilities

Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2008-1482 Integer overflow vulnerabilities exis...

Design/Logic Flaw

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a...

CVE-2008-2010

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a...

CVE-2008-2010

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a...

CVE-2008-2010

CVE-2008-2010 is tied to Apple QuickTime Player vulnerabilities. Connected OpenVAS data show two concrete items: (1) a buffer overflow in QuickTime Player 7.3.1.70 and other versions before 7.4.1 when RTSP tunneling is enabled, allowing remote code execution via a long Reason-Phrase in an RTSP re...

Apple QuickTime多个远程安全漏洞

BUGTRAQ ID: 28583 CVECAN ID: CVE-2008-1013,CVE-2008-1014,CVE-2008-1015,CVE-2008-1016,CVE-2008-1017,CVE-2008-1018,CVE-2008-1019,CVE-2008-1020,CVE-2008-1021,CVE-2008-1022,CVE-2008-1023 Apple QuickTime是一款非常流行的多媒体播放器。 QuickTime的7.4.5之前版本存在多个安全漏洞，允许用户通过畸形的媒体文件获得敏感信息或完全入侵用户系统。 CVE-2008-1013...

ZDI-08-015: Apple QuickTime Clipping Region Heap Overflow Vulnerability

ZDI-08-015: Apple QuickTime Clipping Region Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-015 April 3, 2008 -- CVE ID: CVE-2008-1017 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

Apple QuickTime multiple security vulnerabilities

Buffer overflows and memory corruptions aon multiple file and stream formats...

ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability

ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-018 April 3, 2008 -- CVE ID: CVE-2008-1021 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- TippingPointTM IPS Customer Protection: TippingPoint...

ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability

ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-016 April 3, 2008 -- CVE ID: CVE-2008-1018 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- TippingPointTM IPS Customer Protection: TippingPoint...

ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability

ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-017 April 3, 2008 -- CVE ID: CVE-2008-1020 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- Vulnerability Details: This vulnerability allows attackers...

ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability

ZDI-08-019: Apple QuickTime Malformed VR obji Atom Parsing Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-019 April 3, 2008 -- CVE ID: CVE-2008-1022 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- TippingPointTM IPS Customer Protection...

ZDI-08-014: Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities

ZDI-08-014: Apple Quicktime Multiple Opcode Memory Corruption Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-08-014 April 3, 2008 -- CVE ID: CVE-2008-1019 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- Vulnerability Details: This vulnerability allows...

US-CERT Technical Cyber Security Alert TA08-094A -- Apple Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-094A Apple Updates for Multiple Vulnerabilities Original release date: April 3, 2008 Last revised: -- Source: US-CERT Systems Affected Apple Mac OS X running versions of QuickTime prior t...

ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability

ZDI-08-016: Apple QuickTime MP4A Atom Parsing Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-016 April 3, 2008 -- CVE ID: CVE-2008-1018 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- TippingPointTM IPS Customer Protection: TippingPoint...

Deserialization of untrusted data

Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet...

Heap overflow

Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor aka chan atom...