US-CERT Technical Cyber Security Alert TA07-310A -- Apple QuickTime Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-310A Apple QuickTime Updates for Multiple Vulnerabilities Original release date: November 06, 2007 Last revised: -- Source: US-CERT Systems Affected Vulnerabilities in Apple QuickTime...

iDefense Security Advisory 11.05.07: Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability

iDefense Security Advisory 11.05.07 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 05, 2007 I. BACKGROUND QuickTime is Apple's media player product used to render video and other media. For more information visit http://www.apple.com/quicktime/ QuickTime VR virtual reality is a type o...

QuickTime < 7.3 Multiple Vulnerabilities (Windows)

The version of QuickTime installed on the remote Windows host is older than 7.3. Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host if he can trick the user to open a specially crafted file with QuickTime. C Tenable Network...

QuickTime < 7.3 Multiple Vulnerabilities (Mac OS X)

The version of QuickTime installed on the remote Mac OS X host is older than 7.3. Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host if he can trick the user to open a specially crafted file with QuickTime. C Tenable Network...

QuickTime < 7.3 Multiple Vulnerabilities

Binary data 4277.prm...

Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of Poly type...

Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If ...

Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of the PackBitsR...

Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading th...

CVE-2003-1414

CVE-2003-1414 describes a directory traversal vulnerability in the parse_xml.cgi component of Apple Darwin Streaming Server 4.1.2 and Apple QuickTime Streaming Server 4.1.1. The issue allows remote attackers to read arbitrary files by manipulating the filename parameter. The vulnerability affects...

Design/Logic Flaw

Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045...

CVE-2007-4673

Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045...

CVE-2007-4673

Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045...

CVE-2007-4673

CVE-2007-4673 is an argument-injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista. The issue allows remote attackers to execute arbitrary commands via a URL contained in the qtnext field of a crafted QuickTime QTL file. The description notes potential relation to CVE-2006-4...

QuickTime < 7.2 Security Update (Windows)

The version of QuickTime installed on the remote Windows host may allow a remote attacker to execute arbitrary code if he can trick a user on the affected system into opening a specially crafted QTL file. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid26916;...

Apple QuickTime for Windows Remote Code Execution Vulnerability

Description QuickTime for Windows is prone to a remote code-execution vulnerability because the application fails to handle URIs securely . Successfully exploiting this issue allows remote attackers to execute arbitrary applications with controlled command-line arguments. This facilitates the...

CVE-2007-5045

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...

Design/Logic Flaw

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...

CVE-2007-5045

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...

CVE-2007-5045

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...