CVEdetails.com the ultimate security vulnerability data source

Apple » Quicktime : Security Vulnerabilities (CVSS score between 5 and 5.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
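1 | CVE-2008-0032 | CWE ID: 399 | Vulnerability Type(s): Exec Code | Publish Date: 2008-01-15 | Update Date: 2008-09-05 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: Partial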
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
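2 | CVE-2008-0031 | CWE ID: 399 | Vulnerability Type(s): DoS Exec Code Mem. Corr. | Publish Date: 2008-01-15 | Update Date: 2011-09-20 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: Partial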
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
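3 | CVE-2007-0718 | CWE ID: 119 | Vulnerability Type(s): DoS Exec Code Overflow Mem. Corr. | Publish Date: 2007-03-05 | Update Date: 2011-10-18 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: Partial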
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
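4 | CVE-2007-0717 | Vulnerability Type(s): DoS Exec Code Overflow | Publish Date: 2007-03-05 | Update Date: 2008-11-13 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: Partial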
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
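5 | CVE-2007-0716 | Vulnerability Type(s): DoS Exec Code Overflow | Publish Date: 2007-03-05 | Update Date: 2008-11-13 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: Partial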
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
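6 | CVE-2007-0715 | Vulnerability Type(s): DoS Exec Code Overflow | Publish Date: 2007-03-05 | Update Date: 2008-11-13 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: Partial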
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
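7 | CVE-2007-0713 | Vulnerability Type(s): DoS Exec Code Overflow | Publish Date: 2007-03-05 | Update Date: 2008-09-05 | Score: 5.8 | Gained Access Level: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: Partial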
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
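8 | CVE-2006-4965 | CWE ID: 94 | Vulnerability Type(s): Exec Code | Publish Date: 2006-09-24 | Update Date: 2008-09-05 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: Partial | Avail.: None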
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
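9 | CVE-2006-4389 | Vulnerability Type(s): Exec Code | Publish Date: 2006-09-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial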
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
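10 | CVE-2006-4388 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-09-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial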
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
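11 | CVE-2006-4386 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-09-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial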
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
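12 | CVE-2006-4385 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-09-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial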
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
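13 | CVE-2006-4384 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-09-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial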
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
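14 | CVE-2006-4382 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-09-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial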
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
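15 | CVE-2006-4381 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-09-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial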
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
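16 | CVE-2006-1465 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial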
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file.
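17 | CVE-2006-1464 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial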
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file.
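18 | CVE-2006-1463 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial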
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value.
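19 | CVE-2006-1462 | CWE ID: 189 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2011-09-09 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial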
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
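20 | CVE-2006-1461 | CWE ID: 119 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2011-09-20 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial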
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file.
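21 | CVE-2006-1460 | CWE ID: 119 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2011-09-20 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial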
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.
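22 | CVE-2006-1459 | CWE ID: 189 | Vulnerability Type(s): DoS Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2011-09-09 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial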
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV).
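23 | CVE-2006-1458 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial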
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
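24 | CVE-2006-1454 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial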
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data.
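25 | CVE-2006-1453 | CWE ID: 119 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2006-05-12 | Update Date: 2011-08-04 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial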
Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information.
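26 | CVE-2005-2756 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2005-11-05 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial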
Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
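27 | CVE-2005-2754 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2005-11-05 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial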
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
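28 | CVE-2005-2753 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2005-11-05 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial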
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
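29 | CVE-2005-1579 | Vulnerability Type(s): +Info | Publish Date: 2005-05-12 | Update Date: 2008-09-05 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None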
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
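30 | CVE-2004-0988 | Vulnerability Type(s): DoS Overflow | Publish Date: 2005-03-01 | Update Date: 2008-09-10 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: None | Integ.: None | Avail.: Partial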
Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.
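31 | CVE-2004-0922 | Publish Date: 2005-01-27 | Update Date: 2008-09-05 | Score: 5.0 | Gained Access Level: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf.: Partial | Integ.: None | Avail.: None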
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box.
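32 | CVE-2004-0431 | Vulnerability Type(s): Exec Code Overflow | Publish Date: 2004-07-07 | Update Date: 2008-09-05 | Score: 5.1 | Gained Access Level: User | Access: Remote | Complexity: High | Authentication: Not required | Conf.: Partial | Integ.: Partial | Avail.: Partial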
Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow.
Total number of vulnerabilities : 32   Page : 1 (This Page)