The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.
Max CVSS
4.3
EPSS Score
0.45%
Published
2011-03-23
Updated
2011-10-21
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-12-09
Updated
2017-09-19
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
Max CVSS
4.3
EPSS Score
1.84%
Published
2008-09-11
Updated
2018-10-30
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
Max CVSS
4.3
EPSS Score
0.60%
Published
2008-04-04
Updated
2017-08-08
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
Max CVSS
4.3
EPSS Score
0.85%
Published
2007-07-15
Updated
2018-10-30
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
Max CVSS
2.6
EPSS Score
0.58%
Published
2005-11-05
Updated
2018-10-19
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!