National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apple:quicktime:6.5.0
There are 195 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2007-2395

Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."

Published: November 07, 2007; 06:46:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-3750

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.

Published: November 07, 2007; 06:46:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-3751

Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

Published: November 07, 2007; 06:46:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-4672

Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.

Published: November 07, 2007; 06:46:00 PM -05:00
    V2: 7.6 HIGH
CVE-2007-4675

Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.

Published: November 07, 2007; 06:46:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-4676

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

Published: November 07, 2007; 06:46:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-4677

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.

Published: November 07, 2007; 06:46:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-5045

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.

Published: September 23, 2007; 08:17:00 PM -04:00
    V2: 9.3 HIGH
CVE-2007-0754

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.

Published: May 14, 2007; 05:19:00 PM -04:00
    V2: 9.3 HIGH
CVE-2007-0711

Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.

Published: March 05, 2007; 05:19:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-0712

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.

Published: March 05, 2007; 05:19:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-0714

Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.

Published: March 05, 2007; 05:19:00 PM -05:00
    V2: 9.3 HIGH
CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

Published: January 04, 2007; 07:28:00 PM -05:00
    V2: 6.8 MEDIUM
CVE-2006-4381

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.

Published: September 12, 2006; 07:07:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-4382

Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.

Published: September 12, 2006; 07:07:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-4384

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.

Published: September 12, 2006; 07:07:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-4386

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.

Published: September 12, 2006; 07:07:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-4388

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.

Published: September 12, 2006; 07:07:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-2238

Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue.

Published: May 12, 2006; 05:02:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-1453

Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information.

Published: May 12, 2006; 04:06:00 PM -04:00
    V2: 5.1 MEDIUM