The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.
Max CVSS
4.3
EPSS Score
0.45%
Published
2011-03-23
Updated
2011-10-21
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
Max CVSS
4.3
EPSS Score
1.84%
Published
2008-09-11
Updated
2018-10-30
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
Max CVSS
4.3
EPSS Score
0.60%
Published
2008-04-04
Updated
2017-08-08
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
Max CVSS
5.8
EPSS Score
9.87%
Published
2008-01-16
Updated
2017-08-08
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
Max CVSS
5.8
EPSS Score
5.48%
Published
2008-01-16
Updated
2017-08-08
QuickTime for Java in Apple QuickTime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
Max CVSS
4.3
EPSS Score
0.85%
Published
2007-07-15
Updated
2018-10-30
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
Max CVSS
5.8
EPSS Score
85.52%
Published
2007-03-05
Updated
2018-10-16
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
Max CVSS
5.8
EPSS Score
7.12%
Published
2007-03-05
Updated
2017-07-29
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
Max CVSS
5.8
EPSS Score
5.14%
Published
2007-03-05
Updated
2017-07-29
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
Max CVSS
5.8
EPSS Score
5.14%
Published
2007-03-05
Updated
2017-07-29
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
Max CVSS
5.8
EPSS Score
7.10%
Published
2007-03-05
Updated
2018-10-16
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
Max CVSS
5.0
EPSS Score
1.98%
Published
2006-09-25
Updated
2018-10-17
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
Max CVSS
5.1
EPSS Score
4.35%
Published
2006-09-12
Updated
2018-10-17
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
Max CVSS
5.1
EPSS Score
10.71%
Published
2006-09-12
Updated
2018-10-17
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
Max CVSS
5.1
EPSS Score
15.67%
Published
2006-09-12
Updated
2018-10-17
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
Max CVSS
5.1
EPSS Score
8.56%
Published
2006-09-12
Updated
2018-10-17
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
Max CVSS
5.1
EPSS Score
72.73%
Published
2006-09-12
Updated
2018-10-17
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
Max CVSS
5.1
EPSS Score
13.07%
Published
2006-09-12
Updated
2018-10-17
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
Max CVSS
5.1
EPSS Score
37.59%
Published
2006-09-12
Updated
2018-10-17
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file.
Max CVSS
5.1
EPSS Score
3.07%
Published
2006-05-12
Updated
2018-10-18
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file.
Max CVSS
5.1
EPSS Score
4.44%
Published
2006-05-12
Updated
2018-10-18
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via an H.264 (M4V) video format file with a certain modified size value.
Max CVSS
5.1
EPSS Score
12.82%
Published
2006-05-12
Updated
2018-10-18
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
Max CVSS
5.1
EPSS Score
4.33%
Published
2006-05-12
Updated
2018-10-18
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file.
Max CVSS
5.1
EPSS Score
4.38%
Published
2006-05-12
Updated
2018-10-18
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.
Max CVSS
5.1
EPSS Score
79.88%
Published
2006-05-12
Updated
2018-10-18
36 vulnerabilities found