3024 matches found
CVE-2006-5681
CVE-2006-5681 affects QuickTime for Java on Mac OS X 10.4–10.4.8 when used with Quartz Composer. A Java applet can access images rendered by other embedded QuickTime objects, allowing remote attackers to obtain sensitive screen images (confidentiality impact: partial). Root cause: Java applet lea...
CVE-2006-5681
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects...
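Apple Mac OS X QuickTime for Java Information Disclosure Vulnerability
Apple Mac OS X is the operating system used by Apple's family of machines. The Mac OS X QuickTime for Java implementation contains a vulnerability that a remote attacker may be able to exploit to obtain graphics-related information local to the user. A Java applet can use the QuickTime for Java bundled with Mac OS X to obtain, through embedded QuickTime objects, the graphics rendered on the screen and upload them to a web site. If this tool is used in combination with Quartz Composer, graphics containing local information may be captured. Apple Mac OS X 10.4.8 Apple MacOS X Server 10.4.8...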
Mac OS X Security Update 2006-008
The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2006-008 applied. This update fixes a flaw in QuickTime that may allow a rogue website to obtain the images rendered on the user screen. By combining this flaw with Quartz Composer, an attacker may be able to...
QuickTime cross-site scripting
An XML file with a .MOV extension allows executing script in the local zone with the qtnext parameter of the EMBED tag with an embedded short movie...
Unpatchable Quicktime XSS
More / Resource: http://mxcore.com/?go=forums&thread=103 The QuickTime texttrack exploit might be fixed, but there are many more methods of executing code via QuickTime. One way is to make an mx.mov file in Notepad. This is not a texttrack. Will not be patched in the next version of QuickTime. So,...
FreeBSD : win32-codecs -- multiple vulnerabilities (24f6b1eb-43d5-11db-81e1-000e0c2e438a)
The Apple Security Team reports that there are multiple vulnerabilities within QuickTime one of the plugins for win32-codecs. A remote attacker capable of creating a malicious SGI image, FlashPix, FLC movie, or a QuickTime movie can possibly lead to execution of arbitrary code or cause a Denial o...
CVE-2006-4965
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of...
CVE-2006-4965
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of...
CVE-2006-4965
CVE-2006-4965 concerns Apple QuickTime 7.1.3 Player/Plug-In. The vulnerability allows remote attackers to run arbitrary JavaScript via a QuickTime Media Link (QTL) file containing an embed XML element and a qtnext parameter that can reference resources outside the original domain. As of 2007-09-1...
Multiple Apple QuickTime security vulnerabilities
Integer overflow on H.264 protocol parsing, heap buffer overflow on parsing FLIC files...
[SA22048] Apple QuickTime Plug-In Local Resource Linking Weakness
TITLE: Apple QuickTime Plug-In Local Resource Linking Weakness SECUNIA ADVISORY ID: SA22048 VERIFY ADVISORY: http://secunia.com/advisories/22048/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: pdp has...
Apple QuickTime Plug-In Arbitrary Script Execution Weakness
Description Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Althoug...
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script...
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution
source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load...
[Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow
Hi, Apple Quicktime = 7.1 is prone to a heap overflow vulnerability. This flaw could lead to a remote code execution, if an attacker tricks the victim into visiting a malicious webpage with a specially crafted .fli animation embedded. The flaw is located within the "COLOR64 chunk" Quicktime parser. Sin...
Apple QuickTime fails to properly handle FLC movies
Overview Apple QuickTime fails to properly handle FLC movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...
QuickTime < 7.1.3 Multiple Vulnerabilities (Windows)
The remote Windows host is running a version of QuickTime prior to 7.1.3. The remote version of QuickTime is vulnerable to various integer and buffer overflows involving specially crafted image and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remo...
iDefense Security Advisory 09.12.06: Apple QuickTime FLIC File Heap Overflow Vulnerability
Apple QuickTime FLIC File Heap Overflow Vulnerability iDefense Security Advisory 09.12.06 http://www.idefense.com/intelligence/vulnerabilities/ Sep 12, 2006 I. BACKGROUND Quicktime is Apple's media player product used to render video and other media. For more information visit...
Apple QuickTime Player H.264 Codec Remote Integer Overflow
Apple QuickTime Player H.264 Codec Remote Integer Overflow by Piotr Bania [email protected] http://www.piotrbania.com All rights reserved. Severity: Critical - potential remote code execution. CVE: CVE-2006-4386 Original URL:...