Apple QTJava toQTPointer() Arbitrary Memory Access

This module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple QTJava toQTPointer...

Code injection

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets...

Memory corruption

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory location...

CVE-2007-2389

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets...

CVE-2007-2388

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory location...

CVE-2007-2388

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory location...

CVE-2007-2389

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets...

CVE-2007-2389

CVE-2007-2389 concerns Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The root cause is that QuickTime for Java does not clear memory before use, potentially allowing a remote attacker to read memory from a web browser via Java applets. Impact is memory disclosure from the browser contex...

CVE-2007-2388

CVE-2007-2388 affects Apple QuickTime for Java 7.1.6 on Mac OS X and Windows. The vulnerability arises from improper restriction of QTObject subclassing, allowing a remote attacker to execute arbitrary code via a web page that uses a user-defined class accessing unsafe functions to write to arbit...

Apple QuickTime Crafted Media File FlipFileTypeAtom_BtoN Integer Underflow (CVE-2007-2296)

MP4 is the official filename extension for MPEG-4 Part 14 files.These files are generally used to store digital audio and digital video streams.A vulnerability has been reported in Apple QuickTime. A remote attacker could trigger this vulnerability via a specially crafted MP4 file. Successful...

Heap overflow

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor STSD atom size in a QuickTime movie...

CVE-2007-0754

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor STSD atom size in a QuickTime movie...

CVE-2007-0754

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor STSD atom size in a QuickTime movie...

CVE-2007-0754

Apple QuickTime before 7.1.3 is affected by a heap-based buffer overflow in the STSD atom size parsing, allowing user-assisted remote code execution via a crafted QuickTime movie. The issue is tied to the STSD parsing path in QuickTime; vendor patch available in QuickTime 7.1.3. If not upgrading,...

Apple QuickTime / iTunes multiple vulnerabilities

Heap overflow on GIF images parsing, stack overflow on QTIF parsing, heap overflow on video samples parsing...

TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability

TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-07-07 May 10, 2007 -- CVE ID: CVE-2007-0754 -- Affected Vendor: Apple -- Affected Products: QuickTime Player 7.x -- TippingPointTM IPS Customer Protection: TippingPoint IPS customers...

ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability

ZDI-07-023: Apple QTJava toQTPointer Pointer Arithmetic Memory Overwrite Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-023.html May 1, 2007 -- CVE ID: CVE-2007-2175 -- Affected Vendor: Apple -- Affected Products: Quicktime -- TippingPointTM IPS Customer Protection: TippingPoint...

QuickTime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Windows)

According to its version, the installation of QuickTime on the remote Windows host contains a bug that might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage this issue to execute arbitrary code on the remote host by luring a victim into visiting a rog...

Quicktime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Mac OS X)

According to its version, the installation of Quicktime on the remote Mac OS X host which contains a bug which might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by luring a victim into...

Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability

Overview Apple QuickTime for Java contains a heap memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This...