Search Results (Refine Search)
- CPE Product Version: cpe:/a:apple:quicktime:7.1.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-0712 |
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. Published: March 05, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-0713 |
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. Published: March 05, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2007-0714 |
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. Published: March 05, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-0715 |
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. Published: March 05, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2007-0716 |
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. Published: March 05, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2007-0717 |
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. Published: March 05, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2007-0718 |
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. Published: March 05, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2007-0588 |
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. Published: January 30, 2007; 1:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2007-0462 |
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. Published: January 25, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-0059 |
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. Published: January 04, 2007; 7:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-0015 |
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. Published: January 01, 2007; 6:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-4965 |
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. Published: September 24, 2006; 8:07:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |