Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:apple:quicktime:3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-3626 |
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-3625 |
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms. Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-3624 |
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-3615 |
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-3614 |
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1739 |
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. Published: September 03, 2008; 3:42:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1581 |
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. Published: June 10, 2008; 2:32:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1583 |
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. Published: June 10, 2008; 2:32:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1584 |
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. Published: June 10, 2008; 2:32:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1585 |
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. Published: June 10, 2008; 2:32:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-2010 |
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Published: April 29, 2008; 8:10:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1013 |
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1014 |
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1015 |
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1016 |
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1017 |
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1018 |
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1019 |
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1020 |
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1021 |
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. Published: April 04, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |