The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
Max CVSS
10.0
EPSS Score
87.72%
Published
2007-01-26
Updated
2017-07-29
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.
Max CVSS
10.0
EPSS Score
4.53%
Published
2007-12-04
Updated
2017-08-08
Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
2.06%
Published
2017-04-24
Updated
2017-04-28
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
Max CVSS
9.3
EPSS Score
7.06%
Published
2007-03-05
Updated
2018-10-30
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
Max CVSS
9.3
EPSS Score
4.88%
Published
2007-03-05
Updated
2018-10-30
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
Max CVSS
9.3
EPSS Score
92.27%
Published
2007-03-05
Updated
2018-10-30
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
Max CVSS
9.3
EPSS Score
10.61%
Published
2007-05-14
Updated
2018-10-16
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
Max CVSS
9.3
EPSS Score
55.50%
Published
2007-04-26
Updated
2017-07-29
Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.
Max CVSS
9.3
EPSS Score
82.01%
Published
2007-04-26
Updated
2017-07-29
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
Max CVSS
9.3
EPSS Score
3.53%
Published
2007-05-29
Updated
2011-05-18
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.
Max CVSS
9.3
EPSS Score
2.88%
Published
2007-07-15
Updated
2018-10-30
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
Max CVSS
9.3
EPSS Score
5.00%
Published
2007-07-15
Updated
2018-10-30
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
Max CVSS
9.3
EPSS Score
72.38%
Published
2007-07-15
Updated
2018-10-30
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
Max CVSS
9.3
EPSS Score
6.18%
Published
2007-11-07
Updated
2017-07-29
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
Max CVSS
9.3
EPSS Score
5.89%
Published
2007-07-15
Updated
2018-10-30
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.
Max CVSS
9.3
EPSS Score
73.77%
Published
2007-07-15
Updated
2018-10-30
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
Max CVSS
9.3
EPSS Score
17.40%
Published
2007-11-07
Updated
2017-07-29
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
Max CVSS
9.3
EPSS Score
0.94%
Published
2007-10-04
Updated
2017-07-29
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
Max CVSS
9.3
EPSS Score
2.37%
Published
2007-12-15
Updated
2017-07-29
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.
Max CVSS
9.3
EPSS Score
1.93%
Published
2007-09-24
Updated
2018-10-15

CVE-2007-6166

Public exploit
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Max CVSS
9.3
EPSS Score
97.02%
Published
2007-11-29
Updated
2018-10-30
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
70.61%
Published
2008-01-16
Updated
2018-10-15
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
Max CVSS
9.3
EPSS Score
75.91%
Published
2008-01-11
Updated
2018-10-15
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Max CVSS
9.3
EPSS Score
1.52%
Published
2008-04-30
Updated
2018-10-30
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
Max CVSS
9.3
EPSS Score
1.72%
Published
2008-09-11
Updated
2018-11-01
246 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!