National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apple:quicktime:6.5.0
There are 195 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2008-2010

Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published: April 29, 2008; 08:10:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-1013

Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1014

Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1015

Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1016

Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1017

Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1018

Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1019

Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1020

Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1021

Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1022

Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1023

Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.

Published: April 04, 2008; 01:44:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-0778

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.

Published: February 14, 2008; 07:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2008-0032

Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

Published: January 15, 2008; 10:00:00 PM -05:00
    V2: 5.8 MEDIUM
CVE-2008-0033

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.

Published: January 15, 2008; 10:00:00 PM -05:00
    V2: 9.3 HIGH
CVE-2008-0036

Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.

Published: January 15, 2008; 10:00:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2008-0031

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.

Published: January 15, 2008; 09:00:00 PM -05:00
    V2: 5.8 MEDIUM
CVE-2007-4706

Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.

Published: December 14, 2007; 08:46:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2007-4707

Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.

Published: December 14, 2007; 08:46:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

Published: November 28, 2007; 08:46:00 PM -05:00
    V2: 9.3 HIGH