{"kaspersky": [{"lastseen": "2020-09-02T11:54:57", "bulletinFamily": "info", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2014-1250", "CVE-2014-1249", "CVE-2013-1032", "CVE-2014-1244", "CVE-2014-1251", "CVE-2014-1243", "CVE-2014-1248", "CVE-2014-1247"], "description": "### *Detect date*:\n02/25/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities\n\n### *Affected products*:\nApple QuickTime versions 7.7.4. and earlier\n\n### *Solution*:\nUpdate to latest version \n[QuickTime](<http://www.apple.com/quicktime/download/>)\n\n### *Original advisories*:\n[Apple entry](<http://support.apple.com/kb/HT6151>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple QuickTime](<https://threats.kaspersky.com/en/product/Apple-QuickTime/>)\n\n### *CVE-IDS*:\n[CVE-2014-1244](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1244>)9.3Critical \n[CVE-2014-1245](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1245>)9.3Critical \n[CVE-2014-1246](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246>)9.3Critical \n[CVE-2014-1247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1247>)9.3Critical \n[CVE-2014-1249](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1249>)9.3Critical \n[CVE-2014-1248](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1248>)9.3Critical \n[CVE-2013-1032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1032>)6.8High \n[CVE-2014-1250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1250>)9.3Critical \n[CVE-2014-1243](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1243>)9.3Critical \n[CVE-2014-1251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1251>)9.3Critical", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2014-02-25T00:00:00", 
"id": "KLA10016", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10016", "title": "\r KLA10016Multiple vulnerabilities in Apple QuickTime ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2014-1250", "CVE-2014-1249", "CVE-2013-1032", "CVE-2014-1244", "CVE-2014-1251", "CVE-2014-1243", "CVE-2014-1248", "CVE-2014-1247"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-02-25-3 QuickTime 7.7.5\r\n\r\nQuickTime 7.7.5 is now available and addresses the following:\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized pointer issue existed in the handling\r\nof track lists. This issue was addressed through improved error\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1243 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of H.264\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1244 : Tom Gallagher & Paul Bates working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An out of bounds byte swapping issue existed in the\r\nhandling of QuickTime image descriptions. 
This issue was addressed\r\nthrough improved bounds checking.\r\nCVE-ID\r\nCVE-2013-1032 : Jason Kratzer working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of 'stsz'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'ftab'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1246 : An anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n'dref' atoms. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'ldat'\r\natoms. 
This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1248 : Jason Kratzer working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted PSD image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PSD\r\nimages. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1249 : dragonltx of Tencent Security Team\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An out of bounds byte swapping issue existed in the\r\nhandling of 'ttfo' elements. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-1250 : Jason Kratzer working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'clef'\r\natoms. 
This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1251 : Aliz Hammond working with HP's Zero Day Initiative\r\n\r\nQuickTime 7.7.5 may be obtained from the QuickTime Downloads site:\r\nhttp://support.apple.com/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:DOC:30334", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30334", "title": "APPLE-SA-2014-02-25-3 QuickTime 7.7.5", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2014-1263", "CVE-2013-5178", "CVE-2014-1259", "CVE-2013-1896", 
"CVE-2014-1249", "CVE-2014-1257", "CVE-2014-1261", "CVE-2011-3389", "CVE-2014-1255", "CVE-2013-1862", "CVE-2014-1252", "CVE-2013-5139", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2014-1264", "CVE-2013-5179", "CVE-2014-1262", "CVE-2014-1254", "CVE-2013-5987", "CVE-2014-1266", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1260", "CVE-2014-1258"], "description": "Multiple vulnerabilities in Network and Graphics subsystems, SSL bypass, multiple libraries and applications vulnerabilities.", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:VULN:13583", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13583", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2014-1263", "CVE-2013-5178", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2014-1257", "CVE-2014-1261", "CVE-2011-3389", "CVE-2014-1255", "CVE-2013-1862", "CVE-2014-1252", "CVE-2013-5139", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2014-1264", "CVE-2013-5179", "CVE-2014-1262", "CVE-2014-1254", "CVE-2013-5987", "CVE-2014-1266", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1260", "CVE-2014-1258"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update\r\n2014-001\r\n\r\nOS X Mavericks 10.9.2 and Security Update 2014-001 is now available\r\nand addresses the following:\r\n\r\nApache\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Multiple 
vulnerabilities in Apache\r\nDescription: Multiple vulnerabilities existed in Apache, the most\r\nserious of which may lead to cross-site scripting. These issues were\r\naddressed by updating Apache to version 2.2.26.\r\nCVE-ID\r\nCVE-2013-1862\r\nCVE-2013-1896\r\n\r\nApp Sandbox\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: The App Sandbox may be bypassed\r\nDescription: The LaunchServices interface for launching an\r\napplication allowed sandboxed apps to specify the list of arguments\r\npassed to the new process. A compromised sandboxed application could\r\nabuse this to bypass the sandbox. This issue was addressed by\r\npreventing sandboxed applications from specifying arguments. This\r\nissue does not affect systems running OS X Mavericks 10.9 or later.\r\nCVE-ID\r\nCVE-2013-5179 : Friedrich Graeter of The Soulmen GbR\r\n\r\nATS\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nhandling of Type 1 fonts. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1254 : Felix Groebert of the Google Security Team\r\n\r\nATS\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: The App Sandbox may be bypassed\r\nDescription: A memory corruption issue existed in the handling of\r\nMach messages passed to ATS. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-1262 : Meder Kydyraliev of the Google Security Team\r\n\r\nATS\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: The App Sandbox may be bypassed\r\nDescription: An arbitrary free issue existed in the handling of Mach\r\nmessages passed to ATS. 
This issue was addressed through additional\r\nvalidation of Mach messages.\r\nCVE-ID\r\nCVE-2014-1255 : Meder Kydyraliev of the Google Security Team\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: The App Sandbox may be bypassed\r\nDescription: A buffer overflow issue existed in the handling of Mach\r\nmessages passed to ATS. This issue was addressed by additional bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1256 : Meder Kydyraliev of the Google Security Team\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Root certificates have been updated\r\nDescription: The set of system root certificates has been updated.\r\nThe complete list of recognized system roots may be viewed via the\r\nKeychain Access application.\r\n\r\nCFNetwork Cookies\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Session cookies may persist even after resetting Safari\r\nDescription: Resetting Safari did not always delete session cookies\r\nuntil Safari was closed. This issue was addressed through improved\r\nhandling of session cookies. This issue does not affect systems\r\nrunning OS X Mavericks 10.9 or later.\r\nCVE-ID\r\nCVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett\r\n\r\nCoreAnimation\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 and 10.9.1\r\nImpact: Visiting a maliciously crafted site may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in CoreAnimation's\r\nhandling of images. 
This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1258 : Karl Smith of NCC Group\r\n\r\nCoreText\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: Applications that use CoreText may be vulnerable to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in CoreText in the handling\r\nof Unicode fonts. This issue is addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs\r\n\r\ncurl\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: When using curl to connect to an HTTPS URL containing\r\nan IP address, the IP address was not validated against the\r\ncertificate. This issue does not affect systems prior to OS X\r\nMavericks v10.9.\r\nCVE-ID\r\nCVE-2014-1263 : Roland Moriz of Moriz GmbH\r\n\r\nData Security\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: An attacker with a privileged network position may capture\r\nor modify data in sessions protected by SSL/TLS\r\nDescription: Secure Transport failed to validate the authenticity of\r\nthe connection. 
This issue was addressed by restoring missing\r\nvalidation steps.\r\nCVE-ID\r\nCVE-2014-1266\r\n\r\nDate and Time\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: An unprivileged user may change the system clock\r\nDescription: This update changes the behavior of the systemsetup\r\ncommand to require administrator privileges to change the system\r\nclock.\r\nCVE-ID\r\nCVE-2014-1265\r\n\r\nFile Bookmark\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing a file with a maliciously crafted name may lead to\r\nan unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of file\r\nnames. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1259\r\n\r\nFinder\r\nAvailable for: OS X Mavericks 10.9 and 10.9.1\r\nImpact: Accessing a file's ACL via Finder may lead to other users\r\ngaining unauthorized access to files\r\nDescription: Accessing a file's ACL via Finder may corrupt the ACLs\r\non the file. This issue was addressed through improved handling of\r\nACLs.\r\nCVE-ID\r\nCVE-2014-1264\r\n\r\nImageIO\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing a maliciously crafted JPEG file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nlibjpeg's handling of JPEG markers, resulting in the disclosure of\r\nmemory contents. 
This issue was addressed by better JPEG handling.\r\nCVE-ID\r\nCVE-2013-6629 : Michal Zalewski\r\n\r\nIOSerialFamily\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: An out of bounds array access existed in the\r\nIOSerialFamily driver. This issue was addressed through additional\r\nbounds checking. This issue does not affect systems running OS X\r\nMavericks v10.9 or later.\r\nCVE-ID\r\nCVE-2013-5139 : @dent1zt\r\n\r\nLaunchServices\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5\r\nImpact: A file could show the wrong extension\r\nDescription: An issue existed in the handling of certain unicode\r\ncharacters that could allow filenames to show incorrect extensions.\r\nThe issue was addressed by filtering unsafe unicode characters from\r\ndisplay in filenames. This issue does not affect systems running OS X\r\nMavericks v10.9 or later.\r\nCVE-ID\r\nCVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre\r\nof Intego\r\n\r\nNVIDIA Drivers\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Executing a malicious application could result in arbitrary\r\ncode execution within the graphics card\r\nDescription: An issue existed that allowed writes to some trusted\r\nmemory on the graphics card. 
This issue was addressed by removing the\r\nability of the host to write to that memory.\r\nCVE-ID\r\nCVE-2013-5986 : Marcin Koscielnicki from the X.Org Foundation\r\nNouveau project\r\nCVE-2013-5987 : Marcin Koscielnicki from the X.Org Foundation\r\nNouveau project\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP, the most\r\nserious of which may have led to arbitrary code execution. These\r\nissues were addressed by updating PHP to version 5.4.22 on OS X\r\nMavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.\r\nCVE-ID\r\nCVE-2013-4073\r\nCVE-2013-4113\r\nCVE-2013-4248\r\nCVE-2013-6420\r\n\r\nQuickLook\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Downloading a maliciously crafted Microsoft Office file may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in QuickLook's\r\nhandling of Microsoft Office files. Downloading a maliciously crafted\r\nMicrosoft Office file may have led to an unexpected application\r\ntermination or arbitrary code execution. This issue does not affect\r\nsystems running OS X Mavericks 10.9 or later.\r\nCVE-ID\r\nCVE-2014-1260 : Felix Groebert of the Google Security Team\r\n\r\nQuickLook\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 and 10.9.1\r\nImpact: Downloading a maliciously crafted Microsoft Word document\r\nmay lead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A double free issue existed in QuickLook's handling of\r\nMicrosoft Word documents. 
This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2014-1252 : Felix Groebert of the Google Security Team\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'ftab'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1246 : An anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n'dref' atoms. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'ldat'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1248 : Jason Kratzer working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Viewing a maliciously crafted PSD image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PSD\r\nimages. 
This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1249 : dragonltx of Tencent Security Team\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An out of bounds byte swapping issue existed in the\r\nhandling of 'ttfo' elements. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-1250 : Jason Kratzer working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of 'stsz'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day\r\nInitiative\r\n\r\nSecure Transport\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There were known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode.\r\nTo address these issues for applications using Secure Transport, the\r\n1-byte fragment mitigation was enabled by default for this\r\nconfiguration.\r\nCVE-ID\r\nCVE-2011-3389 : Juliano Rizzo and Thai Duong\r\n\r\nOS X Mavericks v10.9.2 includes the content of Safari 7.0.2. 
\r\n\r\nOS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from \r\nthe Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:DOC:30335", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30335", "title": "APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-1028", "CVE-2013-1026", "CVE-2013-1032", "CVE-2013-1025", "CVE-2013-5163", "CVE-2013-1033", "CVE-2013-1030", "CVE-2013-1029", "CVE-2013-1031", "CVE-2013-1027"], "description": 
"Different vulnerabilities in multiple sustem components.", "edition": 1, "modified": "2013-10-05T00:00:00", "published": "2013-10-05T00:00:00", "id": "SECURITYVULNS:VULN:13327", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13327", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-0166", "CVE-2013-1028", "CVE-2013-2266", "CVE-2012-4558", "CVE-2013-0169", "CVE-2013-1903", "CVE-2013-1643", "CVE-2013-2110", "CVE-2013-1026", "CVE-2012-2687", "CVE-2012-2686", "CVE-2012-0883", "CVE-2013-1032", "CVE-2013-1025", "CVE-2012-3817", "CVE-2013-2020", "CVE-2012-5688", "CVE-2013-1824", "CVE-2012-5166", "CVE-2013-1033", "CVE-2012-4244", "CVE-2013-1030", "CVE-2013-1901", "CVE-2013-1902", "CVE-2012-3499", "CVE-2013-1635", "CVE-2013-1029", "CVE-2013-1031", "CVE-2013-1900", "CVE-2013-2021", "CVE-2013-1899", "CVE-2013-1027"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update\r\n2013-004\r\n\r\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 is now\r\navailable and addresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Multiple vulnerabilities existed in Apache, the most\r\nserious of which may lead to cross-site scripting. 
These issues were\r\naddressed by updating Apache to version 2.2.24.\r\nCVE-ID\r\nCVE-2012-0883\r\nCVE-2012-2687\r\nCVE-2012-3499\r\nCVE-2012-4558\r\n\r\nBind\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Multiple vulnerabilities in BIND\r\nDescription: Multiple vulnerabilities existed in BIND, the most\r\nserious of which may lead to a denial of service. These issues were\r\naddressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not\r\naffect Mac OS X v10.7 systems.\r\nCVE-ID\r\nCVE-2012-3817\r\nCVE-2012-4244\r\nCVE-2012-5166\r\nCVE-2012-5688\r\nCVE-2013-2266\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Root certificates have been updated\r\nDescription: Several certificates were added to or removed from the\r\nlist of system roots. The complete list of recognized system roots\r\nmay be viewed via the Keychain Access application.\r\n\r\nClamAV\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7.5, OS X Lion Server v10.7.5\r\nImpact: Multiple vulnerabilities in ClamAV\r\nDescription: Multiple vulnerabilities exist in ClamAV, the most\r\nserious of which may lead to arbitrary code execution. This update\r\naddresses the issues by updating ClamAV to version 0.97.8.\r\nCVE-ID\r\nCVE-2013-2020\r\nCVE-2013-2021\r\n\r\nCoreGraphics\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JBIG2\r\nencoded data in PDF files. 
This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1025 : Felix Groebert of the Google Security Team\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nencoded data in PDF files. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1026 : Felix Groebert of the Google Security Team\r\n\r\nInstaller\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Packages could be opened after certificate revocation\r\nDescription: When Installer encountered a revoked certificate, it\r\nwould present a dialog with an option to continue. The issue was\r\naddressed by removing the dialog and refusing any revoked package.\r\nCVE-ID\r\nCVE-2013-1027\r\n\r\nIPSec\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: An attacker may intercept data protected with IPSec Hybrid\r\nAuth\r\nDescription: The DNS name of an IPSec Hybrid Auth server was not\r\nbeing matched against the certificate, allowing an attacker with a\r\ncertificate for any server to impersonate any other. This issue was\r\naddressed by properly checking the certificate.\r\nCVE-ID\r\nCVE-2013-1028 : Alexander Traud of www.traud.de\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\r\nImpact: A local network user may cause a denial of service\r\nDescription: An incorrect check in the IGMP packet parsing code in\r\nthe kernel allowed a user who could send IGMP packets to the system\r\nto cause a kernel panic. 
The issue was addressed by removing the\r\ncheck.\r\nCVE-ID\r\nCVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.\r\n\r\nMobile Device Management\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Passwords may be disclosed to other local users\r\nDescription: A password was passed on the command-line to mdmclient,\r\nwhich made it visible to other users on the same system. The issue\r\nwas addressed by communicating the password through a pipe.\r\nCVE-ID\r\nCVE-2013-1030 : Per Olofsson at the University of Gothenburg\r\n\r\nOpenSSL\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: Multiple vulnerabilities existed in OpenSSL, the most\r\nserious of which may lead to disclosure of user data. These issues\r\nwere addressed by updating OpenSSL to version 0.9.8y.\r\nCVE-ID\r\nCVE-2012-2686\r\nCVE-2013-0166\r\nCVE-2013-0169\r\n\r\nPHP\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP, the most\r\nserious of which may lead to arbitrary code execution. 
These issues\r\nwere addressed by updating PHP to version 5.3.26.\r\nCVE-ID\r\nCVE-2013-1635\r\nCVE-2013-1643\r\nCVE-2013-1824\r\nCVE-2013-2110\r\n\r\nPostgreSQL\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Multiple vulnerabilities in PostgreSQL\r\nDescription: Multiple vulnerabilities exist in PostgreSQL, the most\r\nserious of which may lead to data corruption or privilege escalation.\r\nThis update addresses the issues by updating PostgreSQL to version\r\n9.0.13.\r\nCVE-ID\r\nCVE-2013-1899\r\nCVE-2013-1900\r\nCVE-2013-1901\r\nCVE-2013-1902\r\nCVE-2013-1903\r\n\r\nPower Management\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\r\nImpact: The screen saver may not start after the specified time\r\nperiod\r\nDescription: A power assertion lock issue existed. This issue was\r\naddressed through improved lock handling.\r\nCVE-ID\r\nCVE-2013-1031\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n'idsc' atoms in QuickTime movie files. This issue was addressed\r\nthrough additional bounds checking.\r\nCVE-ID\r\nCVE-2013-1032 : Jason Kratzer working with iDefense VCP\r\n\r\nScreen Lock\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\r\nImpact: A user with screen sharing access may be able to bypass the\r\nscreen lock when another user is logged in\r\nDescription: A session management issue existed in the screen lock's\r\nhandling of screen sharing sessions. 
This issue was addressed through\r\nimproved session tracking.\r\nCVE-ID\r\nCVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq\r\n\r\nNote: OS X Mountain Lion v10.8.5 also addresses an issue where\r\ncertain Unicode strings could cause applications to unexpectedly\r\nterminate.\r\n\r\n\r\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 may be\r\nobtained from the Software Update pane in System Preferences,\r\nor Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nOS X Mountain Lion v10.8.5, or Security Update\r\n2013-004.\r\n\r\nFor OS X Mountain Lion v10.8.4\r\nThe download file is named: OSXUpd10.8.5.dmg\r\nIts SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11\r\n\r\nFor OS X Mountain Lion v10.8 and v10.8.3\r\nThe download file is named: OSXUpdCombo10.8.5.dmg\r\nIts SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2\r\n\r\nFor OS X Lion v10.7.5\r\nThe download file is named: SecUpd2013-004.dmg\r\nIts SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0\r\n\r\nFor OS X Lion Server v10.7.5\r\nThe download file is named: SecUpdSrvr2013-004.dmg\r\nIts SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2013-004.dmg\r\nIts SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2013-004.dmg\r\nIts SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "modified": "2013-10-03T00:00:00", "published": "2013-10-03T00:00:00", "id": "SECURITYVULNS:DOC:29893", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29893", "title": "APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], 
"nessus": [{"lastseen": "2021-02-01T05:20:44", "description": "The version of QuickTime installed on the remote Windows host is\nearlier than 7.7.5. It is, therefore, reportedly affected by the\nfollowing vulnerabilities :\n\n - Out-of-bounds byte swapping issues exist in the\n handling of QuickTime image descriptions and 'ttfo'\n elements. (CVE-2013-1032, CVE-2014-1250)\n\n - An uninitialized pointer issue exists in the handling of\n track lists. (CVE-2014-1243)\n\n - Buffer overflow vulnerabilities exist in the handling of\n H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms,\n PSD images, and 'clef' atoms. (CVE-2014-1244,\n CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)\n\n - A signedness issue exists in the handling of 'stsz'\n atoms. 
(CVE-2014-1245)\n\n - A memory corruption issue exists in the handling of\n 'dref' atoms. (CVE-2014-1247)\n\nSuccessful exploitation of these issues could result in program\ntermination or arbitrary code execution, subject to the user's\nprivileges.", "edition": 26, "published": "2014-02-26T00:00:00", "title": "QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2014-1250", "CVE-2014-1249", "CVE-2013-1032", "CVE-2014-1244", "CVE-2014-1251", "CVE-2014-1243", "CVE-2014-1248", "CVE-2014-1247"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:apple:quicktime"], "id": "QUICKTIME_775.NASL", "href": "https://www.tenable.com/plugins/nessus/72706", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(72706);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2013-1032\",\n \"CVE-2014-1243\",\n \"CVE-2014-1244\",\n \"CVE-2014-1245\",\n \"CVE-2014-1246\",\n \"CVE-2014-1247\",\n \"CVE-2014-1248\",\n \"CVE-2014-1249\",\n \"CVE-2014-1250\",\n \"CVE-2014-1251\"\n );\n script_bugtraq_id(62375, 65777, 65784, 65786, 65787);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-02-25-3\");\n\n script_name(english:\"QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks version of QuickTime on Windows\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains an application that may be affected\nby multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of QuickTime installed on the remote Windows host is\nearlier than 7.7.5. It is, therefore, reportedly affected by the\nfollowing vulnerabilities :\n\n - Out-of-bounds byte swapping issues exist in the\n handling of QuickTime image descriptions and 'ttfo'\n elements. 
(CVE-2013-1032, CVE-2014-1250)\n\n - An uninitialized pointer issue exists in the handling of\n track lists. (CVE-2014-1243)\n\n - Buffer overflow vulnerabilities exist in the handling of\n H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms,\n PSD images, and 'clef' atoms. (CVE-2014-1244,\n CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)\n\n - A signedness issue exists in the handling of 'stsz'\n atoms. (CVE-2014-1245)\n\n - A memory corruption issue exists in the handling of\n 'dref' atoms. (CVE-2014-1247)\n\nSuccessful exploitation of these issues could result in program\ntermination or arbitrary code execution, subject to the user's\nprivileges.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-044/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-045/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-046/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-047/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-048/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-049/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/531268/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to QuickTime 7.7.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:quicktime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"quicktime_installed.nasl\");\n script_require_keys(\"SMB/QuickTime/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"SMB/QuickTime/\";\n\nversion = get_kb_item_or_exit(kb_base+\"Version\");\npath = get_kb_item_or_exit(kb_base+\"Path\");\n\nversion_ui = get_kb_item(kb_base+\"Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nfixed_version = \"7.75.80.95\";\nfixed_version_ui = \"7.7.5 (1680.95.13)\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version_report+\n '\\n Fixed version : '+fixed_version_ui+'\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\naudit(AUDIT_INST_PATH_NOT_VULN, 'QuickTime Player', version_report, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:41:34", "description": "The remote host is running a version of Mac OS X 10.7 or 10.8 that\ndoes not have Security Update 2014-001 applied. 
This update contains\nseveral security-related fixes for the following components :\n\n - Apache\n - App Sandbox\n - ATS\n - Certificate Trust Policy\n - CFNetwork Cookies\n - CoreAnimation\n - Date and Time\n - File Bookmark\n - ImageIO\n - IOSerialFamily\n - LaunchServices\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n - Secure Transport\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-02-25T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2013-5178", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2014-1257", "CVE-2011-3389", "CVE-2013-1862", "CVE-2014-1252", "CVE-2013-5139", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2013-5179", "CVE-2014-1254", "CVE-2013-5987", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1260", "CVE-2014-1258"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2014-001.NASL", "href": "https://www.tenable.com/plugins/nessus/72688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(72688);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-4073\",\n \"CVE-2013-4113\",\n \"CVE-2013-4248\",\n \"CVE-2013-5139\",\n \"CVE-2013-5178\",\n \"CVE-2013-5179\",\n \"CVE-2013-5986\",\n \"CVE-2013-5987\",\n \"CVE-2013-6420\",\n \"CVE-2013-6629\",\n \"CVE-2014-1245\",\n \"CVE-2014-1246\",\n \"CVE-2014-1247\",\n \"CVE-2014-1248\",\n \"CVE-2014-1249\",\n \"CVE-2014-1250\",\n \"CVE-2014-1252\",\n 
\"CVE-2014-1254\",\n \"CVE-2014-1256\",\n \"CVE-2014-1257\",\n \"CVE-2014-1258\",\n \"CVE-2014-1259\",\n \"CVE-2014-1260\",\n \"CVE-2014-1265\"\n );\n script_bugtraq_id(\n 49778,\n 59826,\n 60843,\n 61128,\n 61129,\n 62536,\n 63311,\n 63343,\n 63676,\n 64225,\n 64525,\n 65113,\n 65208,\n 65777\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-02-25-1\");\n script_xref(name:\"CERT\", value:\"864643\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)\");\n script_summary(english:\"Check for the presence of Security Update 2014-001.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.7 or 10.8 that\ndoes not have Security Update 2014-001 applied. This update contains\nseveral security-related fixes for the following components :\n\n - Apache\n - App Sandbox\n - ATS\n - Certificate Trust Policy\n - CFNetwork Cookies\n - CoreAnimation\n - Date and Time\n - File Bookmark\n - ImageIO\n - IOSerialFamily\n - LaunchServices\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n - Secure Transport\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT202932\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531263/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n 
script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2014-001 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = '2014-001';\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:'-');\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return 
TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\nelse if (\"Mac OS X 10.7\" >< os && !ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Lion later than 10.7.5.\");\nelse if (\"Mac OS X 10.8\" >< os && !ereg(pattern:\"Mac OS X 10\\.8($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Lion later than 10.8.5.\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nset_kb_item(name:'www/0/XSS', value:TRUE);\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:39:30", "description": "The remote host is running a version of Mac OS X 10.9.x that is prior\nto 10.9.2. 
This update contains several security-related fixes for the\nfollowing components :\n\n - Apache\n - ATS\n - Certificate Trust Policy\n - CoreAnimation\n - CoreText\n - curl\n - Data Security\n - Date and Time\n - File Bookmark\n - Finder\n - ImageIO\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.", "edition": 28, "published": "2014-02-25T00:00:00", "title": "Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2014-1263", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2014-1261", "CVE-2014-1255", "CVE-2013-1862", "CVE-2014-1252", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2014-1264", "CVE-2014-1262", "CVE-2014-1254", "CVE-2013-5987", "CVE-2014-1266", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629", "CVE-2014-1258"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_9_2.NASL", "href": "https://www.tenable.com/plugins/nessus/72687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(72687);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-4073\",\n \"CVE-2013-4113\",\n \"CVE-2013-4248\",\n \"CVE-2013-5986\",\n \"CVE-2013-5987\",\n \"CVE-2013-6420\",\n \"CVE-2013-6629\",\n \"CVE-2014-1245\",\n \"CVE-2014-1246\",\n \"CVE-2014-1247\",\n \"CVE-2014-1248\",\n \"CVE-2014-1249\",\n \"CVE-2014-1250\",\n \"CVE-2014-1252\",\n \"CVE-2014-1254\",\n \"CVE-2014-1255\",\n \"CVE-2014-1256\",\n \"CVE-2014-1258\",\n \"CVE-2014-1259\",\n \"CVE-2014-1261\",\n \"CVE-2014-1262\",\n \"CVE-2014-1263\",\n \"CVE-2014-1264\",\n \"CVE-2014-1265\",\n \"CVE-2014-1266\"\n 
);\n script_bugtraq_id(\n 59826,\n 60843,\n 61128,\n 61129,\n 61776,\n 63676,\n 64225,\n 64525,\n 65113,\n 65208,\n 65738,\n 65777\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-02-25-1\");\n\n script_name(english:\"Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a certificate\nvalidation weakness.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.9.x that is prior\nto 10.9.2. This update contains several security-related fixes for the\nfollowing components :\n\n - Apache\n - ATS\n - Certificate Trust Policy\n - CoreAnimation\n - CoreText\n - curl\n - Data Security\n - Date and Time\n - File Bookmark\n - Finder\n - ImageIO\n - NVIDIA Drivers\n - PHP\n - QuickLook\n - QuickTime\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6150\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531263/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.9.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/23\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9])+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.9([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9\", \"Mac OS X \"+version);\n\nfixed_version = \"10.9.2\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-02-01T03:41:32", "description": "The remote host is running a version of Mac OS X 10.6 or 10.7 that\ndoes not have Security Update 2013-004 applied. This update contains\nseveral security-related fixes for the following component :\n\n - Apache\n - Bind\n - Certificate Trust Policy\n - ClamAV\n - Installer\n - IPSec\n - Mobile Device Management\n - OpenSSL\n - PHP\n - PostgreSQL\n - QuickTime\n - sudo\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.", "edition": 24, "published": "2013-09-13T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2013-004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0166", "CVE-2013-1775", "CVE-2013-1028", "CVE-2013-2266", "CVE-2012-4558", "CVE-2013-0169", "CVE-2013-1903", "CVE-2013-1643", "CVE-2013-2110", "CVE-2012-2687", "CVE-2012-2686", "CVE-2012-0883", "CVE-2013-1032", "CVE-2012-3817", "CVE-2013-2020", "CVE-2012-5688", "CVE-2013-1824", "CVE-2012-5166", "CVE-2012-4244", "CVE-2013-1030", "CVE-2013-1901", "CVE-2013-1902", "CVE-2012-3499", "CVE-2013-1635", "CVE-2013-1900", "CVE-2013-2021", "CVE-2013-1899", "CVE-2013-1027"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2013-004.NASL", "href": "https://www.tenable.com/plugins/nessus/69878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(69878);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-0883\",\n \"CVE-2012-2686\",\n \"CVE-2012-2687\",\n \"CVE-2012-3499\",\n \"CVE-2012-3817\",\n \"CVE-2012-4244\",\n \"CVE-2012-4558\",\n \"CVE-2012-5166\",\n \"CVE-2012-5688\",\n \"CVE-2013-0166\",\n \"CVE-2013-0169\",\n \"CVE-2013-1027\",\n \"CVE-2013-1028\",\n \"CVE-2013-1030\",\n \"CVE-2013-1032\",\n \"CVE-2013-1635\",\n \"CVE-2013-1643\",\n \"CVE-2013-1775\",\n \"CVE-2013-1824\",\n \"CVE-2013-1899\",\n 
\"CVE-2013-1900\",\n \"CVE-2013-1901\",\n \"CVE-2013-1902\",\n \"CVE-2013-1903\",\n \"CVE-2013-2020\",\n \"CVE-2013-2021\",\n \"CVE-2013-2110\",\n \"CVE-2013-2266\"\n );\n script_bugtraq_id(\n 53046,\n 54658,\n 55131,\n 55522,\n 55852,\n 56817,\n 57755,\n 57778,\n 58165,\n 58203,\n 58224,\n 58736,\n 58766,\n 58876,\n 58877,\n 58878,\n 58879,\n 58882,\n 59434,\n 60118,\n 60268,\n 60411,\n 62370,\n 62371,\n 62373,\n 62375,\n 62377\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-09-12-1\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2013-004)\");\n script_summary(english:\"Check for the presence of Security Update 2013-004\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a version of Mac OS X 10.6 or 10.7 that\ndoes not have Security Update 2013-004 applied. 
This update contains\nseveral security-related fixes for the following component :\n\n - Apache\n - Bind\n - Certificate Trust Policy\n - ClamAV\n - Installer\n - IPSec\n - Mobile Device Management\n - OpenSSL\n - PHP\n - PostgreSQL\n - QuickTime\n - sudo\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5880\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/528594/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2013-004 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X Sudo Password Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[67]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6 / 10.7\");\nelse if (\"Mac OS X 10.6\" >< os && !ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-8]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Snow Leopard later than 10.6.8.\");\nelse if (\"Mac OS X 10.7\" >< os && !ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Lion later than 10.7.5.\");\n\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nif (\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security(\\.10\\.[6-8]\\..+)?\\.(2013\\.00[4-9]|201[4-9]\\.[0-9]+)(\\.(snowleopard[0-9.]*|lion))?\\.bom\", string:packages)\n) exit(0, \"The host has Security Update 2013-004 or later installed and is therefore not affected.\");\nelse\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n security_boms = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\", string:packages);\n\n report = '\\n Installed security BOMs : ';\n if (security_boms) report += str_replace(find:'\\n', replace:'\\n ', string:security_boms);\n else report += 'n/a';\n report += '\\n';\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:39:27", "description": "The remote host is running a version of Mac OS X 10.8.x that is prior\nto 10.8.5. The newer version contains multiple security-related fixes\nfor the following components :\n\n - Apache\n - Bind\n - Certificate Trust Policy\n - CoreGraphics\n - ImageIO\n - Installer\n - IPSec\n - Kernel\n - Mobile Device Management\n - OpenSSL\n - PHP\n - PostgreSQL\n - Power Management\n - QuickTime\n - Screen Lock\n - sudo\n\nThis update also addresses an issue in which certain Unicode strings\ncould cause applications to unexpectedly quit.\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.", "edition": 24, "published": "2013-09-13T00:00:00", "title": "Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0166", "CVE-2013-1775", "CVE-2013-1028", "CVE-2013-2266", "CVE-2012-4558", "CVE-2013-0169", "CVE-2013-1903", "CVE-2013-1643", "CVE-2013-2110", "CVE-2013-1026", "CVE-2012-2687", "CVE-2012-2686", "CVE-2012-0883", "CVE-2013-1032", "CVE-2013-1025", "CVE-2012-3817", "CVE-2012-5688", "CVE-2013-1824", "CVE-2012-5166", "CVE-2013-1033", "CVE-2012-4244", "CVE-2013-1030", "CVE-2013-1901", "CVE-2013-1902", "CVE-2012-3499", "CVE-2013-1635", "CVE-2013-1029", "CVE-2013-1031", "CVE-2013-1900", "CVE-2013-1899", "CVE-2013-1027"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_8_5.NASL", "href": "https://www.tenable.com/plugins/nessus/69877", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(69877);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-0883\",\n \"CVE-2012-2686\",\n \"CVE-2012-2687\",\n \"CVE-2012-3499\",\n \"CVE-2012-3817\",\n \"CVE-2012-4244\",\n \"CVE-2012-4558\",\n \"CVE-2012-5166\",\n \"CVE-2012-5688\",\n 
\"CVE-2013-0166\",\n \"CVE-2013-0169\",\n \"CVE-2013-1025\",\n \"CVE-2013-1026\",\n \"CVE-2013-1027\",\n \"CVE-2013-1028\",\n \"CVE-2013-1029\",\n \"CVE-2013-1030\",\n \"CVE-2013-1031\",\n \"CVE-2013-1032\",\n \"CVE-2013-1033\",\n \"CVE-2013-1635\",\n \"CVE-2013-1643\",\n \"CVE-2013-1775\",\n \"CVE-2013-1824\",\n \"CVE-2013-1899\",\n \"CVE-2013-1900\",\n \"CVE-2013-1901\",\n \"CVE-2013-1902\",\n \"CVE-2013-1903\",\n \"CVE-2013-2110\",\n \"CVE-2013-2266\"\n );\n script_bugtraq_id(\n 53046,\n 54658,\n 55131,\n 55522,\n 55852,\n 56817,\n 57755,\n 57778,\n 58165,\n 58203,\n 58224,\n 58736,\n 58766,\n 58876,\n 58877,\n 58878,\n 58879,\n 58882,\n 60268,\n 60411,\n 62368,\n 62369,\n 62370,\n 62371,\n 62373,\n 62374,\n 62375,\n 62377,\n 62378,\n 62381,\n 62382\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-09-12-1\");\n\n script_name(english:\"Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a version of Mac OS X 10.8.x that is prior\nto 10.8.5. 
The newer version contains multiple security-related fixes\nfor the following components :\n\n - Apache\n - Bind\n - Certificate Trust Policy\n - CoreGraphics\n - ImageIO\n - Installer\n - IPSec\n - Kernel\n - Mobile Device Management\n - OpenSSL\n - PHP\n - PostgreSQL\n - Power Management\n - QuickTime\n - Screen Lock\n - sudo\n\nThis update also addresses an issue in which certain Unicode strings\ncould cause applications to unexpectedly quit.\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5880\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/528594/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.8.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X Sudo Password Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.8($|\\.[0-4]([^0-9]|$))\", string:os))\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n security_hole(0);\n}\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-03-03T20:56:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2014-1250", "CVE-2014-1249", "CVE-2014-1244", "CVE-2014-1251", "CVE-2014-1243", "CVE-2014-1248", "CVE-2014-1247"], "description": "This host is installed with Apple QuickTime player and is prone to multiple\n vulnerabilities.", "modified": "2020-02-28T00:00:00", "published": "2014-03-04T00:00:00", "id": "OPENVAS:1361412562310804320", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804320", "type": "openvas", "title": "Apple QuickTime Multiple Vulnerabilities Mar14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple QuickTime 
Multiple Vulnerabilities Mar14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:quicktime\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804320\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2014-1243\", \"CVE-2014-1244\", \"CVE-2014-1245\", \"CVE-2014-1246\",\n \"CVE-2014-1247\", \"CVE-2014-1248\", \"CVE-2014-1249\", \"CVE-2014-1250\",\n \"CVE-2014-1251\");\n script_bugtraq_id(65784, 65786, 65777, 65787);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-04 09:38:28 +0530 (Tue, 04 Mar 2014)\");\n script_name(\"Apple QuickTime Multiple Vulnerabilities Mar14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple QuickTime player and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Flaw is due to,\n\n - An unspecified error when handling track lists.\n\n - Multiple boundary errors when handling H.264 encoded movie files, 'ftab'\n atoms, 'dref' atoms, 'ldat' atoms, PSD images, 'clef' atoms.\n\n - An unspecified error that is due to a signedness issue.\n\n - An out-of-bounds memory write error when handling 'ttfo' elements.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code,\n conduct denial of service and compromise a vulnerable system.\");\n\n script_tag(name:\"affected\", value:\"Apple QuickTime version before 7.7.5 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple QuickTime version 7.7.5 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6151\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57148\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2014/Feb/137\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_mandatory_keys(\"QuickTime/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"7.75.80.95\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"7.75.80.95\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1245", 
"CVE-2014-1246", "CVE-2013-4113", "CVE-2013-4248", "CVE-2014-1250", "CVE-2014-1259", "CVE-2013-1896", "CVE-2014-1249", "CVE-2013-1862", "CVE-2014-1256", "CVE-2014-1265", "CVE-2014-1248", "CVE-2014-1247", "CVE-2013-6420", "CVE-2013-5987", "CVE-2013-5986", "CVE-2013-4073", "CVE-2013-6629"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-03-19T00:00:00", "published": "2014-09-22T00:00:00", "id": "OPENVAS:1361412562310804850", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804850", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities -04 Sep14", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln04_sep14.nasl 14304 2019-03-19 09:10:40Z cfischer $\n#\n# Apple Mac OS X Multiple Vulnerabilities -04 Sep14\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804850\");\n script_version(\"$Revision: 14304 $\");\n script_cve_id(\"CVE-2013-1862\", \"CVE-2013-1896\", \"CVE-2014-1256\", \"CVE-2014-1265\",\n \"CVE-2014-1259\", \"CVE-2013-6629\", \"CVE-2013-5986\", \"CVE-2013-5987\",\n \"CVE-2013-4073\", \"CVE-2013-4113\", \"CVE-2013-4248\", \"CVE-2013-6420\",\n \"CVE-2014-1246\", \"CVE-2014-1247\", \"CVE-2014-1248\", \"CVE-2014-1249\",\n \"CVE-2014-1250\", \"CVE-2014-1245\");\n script_bugtraq_id(59826, 61129, 65777, 63676, 65208, 64525, 60843, 61128, 61776,\n 64225);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 10:10:40 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-22 15:50:08 +0530 (Mon, 22 Sep 2014)\");\n\n script_name(\"Apple Mac OS X Multiple Vulnerabilities -04 Sep14\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist. 
For more details\n refer to the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to conduct cross-site scripting, change the system clock, bypass security\n restrictions, disclose sensitive information, compromise the affected system,\n and denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.7.x through\n 10.7.5, 10.8.x through 10.8.5 and 10.9.x before 10.9.2\");\n\n script_tag(name:\"solution\", value:\"Run Mac Updates. Please see the references for more information.\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6150\");\n script_tag(name:\"qod\", value:\"30\"); ## Build information is not available\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6150\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54960\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[7-9]\\.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_in_range(version:osVer, test_version:\"10.9.0\", test_version2:\"10.9.1\")||\n version_in_range(version:osVer, test_version:\"10.8.0\", test_version2:\"10.8.5\")||\n version_in_range(version:osVer, test_version:\"10.7.0\", test_version2:\"10.7.5\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:33", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2013-1028", "CVE-2013-1026", "CVE-2013-1032", "CVE-2013-1025", "CVE-2013-1033", "CVE-2013-1030", "CVE-2013-1029", "CVE-2013-1031", "CVE-2013-1027"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2015-10-29T00:00:00", "id": "OPENVAS:1361412562310806150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806150", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-04 October-15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-04 October-15\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806150\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2013-1032\", \"CVE-2013-1031\", \"CVE-2013-1030\", \"CVE-2013-1029\",\n \"CVE-2013-1028\", \"CVE-2013-1027\", \"CVE-2013-1026\", \"CVE-2013-1025\",\n \"CVE-2013-1033\");\n script_bugtraq_id(62375, 62374, 62377, 62382, 62371, 62370, 62369, 62368, 62378);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-10-29 13:55:31 +0530 (Thu, 29 Oct 2015)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-04 October-15\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist. 
For details refer to the\n reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain sensitive information, execute arbitrary code, bypass intended launch\n restrictions and access restrictions, cause a denial of service and write to\n arbitrary files.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.7.x through\n 10.7.5 prior to security update 2013-004, 10.6.x prior to security update 2013-004\n and 10.8.x before 10.8.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade Apple Mac OS X 10.8.x to version\n 10.8.5 or later or apply appropriate patch for Apple Mac OS X 10.7.x and 10.6.x. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT202785\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[6-8]\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.[6-8]\"){\n exit(0);\n}\n\nif(osVer =~ \"^10\\.[67]\")\n{\n if(version_in_range(version:osVer, test_version:\"10.6\", test_version2:\"10.6.7\") ||\n version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.7.5\" || osVer == \"10.6.8\")\n {\n buildVer = 
get_kb_item(\"ssh/login/osx_build\");\n if(buildVer)\n {\n if((osVer == \"10.7.5\" && version_is_less(version:buildVer, test_version:\"11G1058\")) ||\n (osVer == \"10.6.8\" && version_is_less(version:buildVer, test_version:\"10K1136\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(version_in_range(version:osVer, test_version:\"10.8\", test_version2:\"10.8.4\")){\n fix = \"10.8.5\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:06:48", "description": "QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.", "edition": 6, "cvss3": {}, "published": "2013-09-16T13:02:00", "title": "CVE-2013-1032", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1032"], "modified": "2014-03-06T04:43:00", "cpe": ["cpe:/a:apple:quicktime:*", "cpe:/o:apple:mac_os_x:10.8.4", "cpe:/o:apple:mac_os_x:10.8.2", "cpe:/o:apple:mac_os_x:10.8.0", "cpe:/o:apple:mac_os_x:10.8.1", "cpe:/o:apple:mac_os_x:10.8.3"], "id": "CVE-2013-1032", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1032", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, 
"cpe23": ["cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1251", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1251"], "modified": "2015-10-21T16:29:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", 
"cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1251", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1243", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1243"], "modified": "2014-02-27T13:47:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1243", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1243", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1250", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1250"], "modified": "2014-03-10T17:37:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", 
"cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1250", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1249", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1249"], 
"modified": "2014-03-10T17:38:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1249", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1249", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", 
"description": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1244", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1244"], "modified": "2015-10-21T14:58:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", 
"cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1244", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1244", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1247", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1247"], "modified": "2014-03-10T17:37:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", 
"cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1247", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1247", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.", 
"edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1248", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1248"], "modified": "2014-03-10T17:39:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", 
"cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1248", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1248", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1246", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1246"], "modified": "2014-02-27T17:13:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", 
"cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", "cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1246", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1246", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:26", "description": "Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.", "edition": 6, "cvss3": {}, "published": "2014-02-27T01:55:00", "title": "CVE-2014-1245", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1245"], "modified": "2014-03-10T17:40:00", "cpe": ["cpe:/a:apple:quicktime:7.2.0", "cpe:/a:apple:quicktime:7.0.4", "cpe:/a:apple:quicktime:7.68.75.0", "cpe:/a:apple:quicktime:7.1.5", "cpe:/a:apple:quicktime:7.7.1", "cpe:/a:apple:quicktime:7.66.71.0", "cpe:/a:apple:quicktime:7.64.17.73", "cpe:/a:apple:quicktime:7.6.2", "cpe:/a:apple:quicktime:7.3.1.70", "cpe:/a:apple:quicktime:7.4.5", "cpe:/a:apple:quicktime:7.1.6", "cpe:/a:apple:quicktime:7.6.8", "cpe:/a:apple:quicktime:7.6.5", "cpe:/a:apple:quicktime:7.3.0", "cpe:/a:apple:quicktime:7.7.2", "cpe:/a:apple:quicktime:7.7.0", "cpe:/a:apple:quicktime:7.7.4", "cpe:/a:apple:quicktime:7.1.3", "cpe:/a:apple:quicktime:7.6.1", "cpe:/a:apple:quicktime:7.6.7", "cpe:/a:apple:quicktime:7.1.1", "cpe:/a:apple:quicktime:7.69.80.9", "cpe:/a:apple:quicktime:7.4.1", "cpe:/a:apple:quicktime:7.0.1", "cpe:/a:apple:quicktime:7.5.0", "cpe:/a:apple:quicktime:7.3.1", "cpe:/a:apple:quicktime:7.0.2", "cpe:/a:apple:quicktime:7.1.2", "cpe:/a:apple:quicktime:7.6.0", "cpe:/a:apple:quicktime:7.0.0", "cpe:/a:apple:quicktime:7.0.3", "cpe:/a:apple:quicktime:7.60.92.0", "cpe:/a:apple:quicktime:7.6.6", "cpe:/a:apple:quicktime:7.2.1", "cpe:/a:apple:quicktime:7.71.80.42", "cpe:/a:apple:quicktime:7.1.4", "cpe:/a:apple:quicktime:7.6.9", "cpe:/a:apple:quicktime:7.1.0", "cpe:/a:apple:quicktime:7.65.17.80", "cpe:/a:apple:quicktime:7.5.5", "cpe:/a:apple:quicktime:7.70.80.34", "cpe:/a:apple:quicktime:7.7.3", "cpe:/a:apple:quicktime:7.4.0", "cpe:/a:apple:quicktime:7.62.14.0", 
"cpe:/a:apple:quicktime:7.67.75.0"], "id": "CVE-2014-1245", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1245", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T17:37:49", "description": "BUGTRAQ ID: 65777\r\nCVE(CAN) ID: CVE-2014-1254,CVE-2014-1262,CVE-2014-1255,CVE-2014-1256,CVE-2014-1257,CVE-2014-1258,CVE-2014-1261,CVE-2014-1263,CVE-2014-1265,CVE-2014-1259,CVE-2014-1264,CVE-2014-1260,CVE-2014-1246,CVE-2014-1247,CVE-2014-1248,CVE-2014-1249,CVE-2014-1250,CVE-2014-1245\r\n\r\nOS X (formerly Mac OS X) is the latest version of the proprietary operating system developed by Apple for Macintosh computers.\r\n\r\nVersions of OS X before 10.9.2 contain multiple implementation vulnerabilities affecting the ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder and File Bookmark components. Attackers can exploit these vulnerabilities to execute arbitrary code, gain unauthorized access, bypass security restrictions, and carry out other attacks.\n0\nApple Mac OS X < 10.9.2\nVendor patch:\r\n\r\nApple\r\n-----\r\nThe vendor has released an update that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.apple.com/support/downloads/", "published": "2014-02-26T00:00:00", "type": "seebug", "title": "Apple Mac OS 
X Multiple Security Vulnerabilities (APPLE-SA-2014-02-25-1)", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1245", "CVE-2014-1246", "CVE-2014-1247", "CVE-2014-1248", "CVE-2014-1249", "CVE-2014-1250", "CVE-2014-1254", "CVE-2014-1255", "CVE-2014-1256", "CVE-2014-1257", "CVE-2014-1258", "CVE-2014-1259", "CVE-2014-1260", "CVE-2014-1261", "CVE-2014-1262", "CVE-2014-1263", "CVE-2014-1264", "CVE-2014-1265"], "modified": "2014-02-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61574", "id": "SSV:61574", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:33:40", "description": "BUGTRAQ ID: 65784\r\nCVE(CAN) ID: CVE-2014-1243\r\n\r\nQuickTime is a multimedia framework developed by Apple Computer that can handle many formats of digital video, media clips, sound, text, animation and music, as well as several types of interactive panoramic images.\r\n\r\nVersions of QuickTime before 7.7.5 on Windows 7, Vista and XP SP2 have an uninitialized pointer issue when handling track lists; a maliciously crafted video file can cause unexpected application termination or arbitrary code execution.\r\n0\r\nApple Quicktime < 7.7.5\r\nVendor patch:\r\n\r\nApple\r\n-----\r\nThe vendor has released an update that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.apple.com/support/downloads/\r\nhttp://support.apple.com/kb/HT1338", "published": "2014-02-28T00:00:00", "type": "seebug", "title": "Apple 
QuickTime Remote Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1243"], "modified": "2014-02-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61608", "id": "SSV:61608", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:33:31", "description": "BUGTRAQ ID: 65787\r\nCVE(CAN) ID: CVE-2014-1251\r\n\r\nQuickTime is a multimedia framework developed by Apple Computer that can handle many formats of digital video, media clips, sound, text, animation and music, as well as several types of interactive panoramic images.\r\n\r\nVersions of QuickTime before 7.7.5 on Windows 7, Vista and XP SP2 have a buffer overflow issue when handling 'clef' elements; a maliciously crafted video file can cause unexpected application termination or arbitrary code execution.\r\n0\r\nApple Quicktime < 7.7.5\r\nVendor patch:\r\n\r\nApple\r\n-----\r\nThe vendor has released an update that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.apple.com/support/downloads/\r\nhttp://support.apple.com/kb/HT1338", "published": "2014-02-28T00:00:00", "type": "seebug", "title": "Apple QuickTime Remote Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1251"], "modified": "2014-02-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61607", "id": "SSV:61607", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2020-06-22T11:40:51", "bulletinFamily": "info", "cvelist": ["CVE-2014-1243"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nam atom in an mp4 file. Manipulation of this atom can corrupt memory and a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.", "modified": "2014-06-22T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-044/", "id": "ZDI-14-044", "title": "Apple QuickTime nam Atom Parsing Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:41:44", "bulletinFamily": "info", "cvelist": ["CVE-2014-1244"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the stsz atom. By creating a deliberately malformed stsz atom, an attacker is able to cause a heap overflow within the QuickTime parser. 
Using this vulnerability, an attacker can execute arbitrary code in the context of the user.", "modified": "2014-06-22T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-045/", "id": "ZDI-14-045", "title": "Apple QuickTime stsz Atom Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:42:29", "bulletinFamily": "info", "cvelist": ["CVE-2014-1251"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the clef atom. An attacker can use this flaw to overflow an improperly allocated buffer, which could allow for the execution of arbitrary code in the context of the current process.", "modified": "2014-06-22T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-049/", "id": "ZDI-14-049", "title": "Apple QuickTime clef Atom Heap Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:41:44", "bulletinFamily": "info", "cvelist": ["CVE-2014-1247"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dref atom. It is possible for an attacker to nest atoms within the dref atom that have sizes larger than the enclosing atom. 
By leveraging this vulnerability, an attacker can execute arbitrary code in the context of the current user.", "modified": "2014-06-22T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-046/", "id": "ZDI-14-046", "title": "Apple QuickTime dref Atom Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:42:18", "bulletinFamily": "info", "cvelist": ["CVE-2014-1245"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the stsz atom. By providing a malicious value inside of the stsz atom, an attacker is able to influence the destination of a data write. An attacker could use this vulnerability to execute arbitrary code in the context of the viewing user.", "modified": "2014-06-22T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-047/", "id": "ZDI-14-047", "title": "Apple QuickTime stsz Atom Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:41:24", "bulletinFamily": "info", "cvelist": ["CVE-2014-1246"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the ftab atom. By providing an overly large font name, an attacker can overflow a fixed size stack buffer. 
An attacker could use this vulnerability to execute arbitrary code in the context of the user.", "modified": "2014-06-22T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-048/", "id": "ZDI-14-048", "title": "Apple QuickTime ftab Atom Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}