Apple Quicktime vulnerabilities
235 known vulnerabilities affecting apple/quicktime.
Total CVEs: 235
CISA KEV: 0
Public exploits: 23
Exploited in wild: 0
Severity breakdown: CRITICAL 118, HIGH 20, MEDIUM 95, LOW 2
Vulnerabilities
Page 10 of 12
CVE-2007-2295 | CRITICAL | CVSS 9.3 | CWE-119 | v7.1, v7.1.1, +4 more | 2007-04-26
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
nvd
CVE-2007-0711 | CRITICAL | CVSS 9.3 | CWE-189 | ≤ 7.1.4, v3.0, +25 more | 2007-03-05
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
nvd
CVE-2007-0712 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 7.1.4, v3.0, +25 more | 2007-03-05
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
nvd
CVE-2007-0714 | CRITICAL | CVSS 9.3 | CWE-189 | ≤ 7.1.4, v3.0, +25 more | 2007-03-05
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
nvd
CVE-2007-0713 | MEDIUM | CVSS 5.8 | v7.0, v7.0.1, +8 more | 2007-03-05
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
nvd
CVE-2007-0715 | MEDIUM | CVSS 5.8 | v7.0, v7.0.1, +8 more | 2007-03-05
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
nvd
CVE-2007-0718 | MEDIUM | CVSS 5.8 | CWE-119 | v7.0, v7.0.1, +8 more | 2007-03-05
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
nvd
CVE-2007-0717 | MEDIUM | CVSS 5.8 | v7.0, v7.0.1, +8 more | 2007-03-05
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
nvd
CVE-2007-0716 | MEDIUM | CVSS 5.8 | v7.0, v7.0.1, +8 more | 2007-03-05
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
nvd
CVE-2007-0588 | HIGH | CVSS 7.1 | v7.1.3 | 2007-01-30
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overla
nvd
CVE-2007-0462 | CRITICAL | CVSS 10.0 | PoC | v7.1.3 | 2007-01-26
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
nvd
CVE-2007-0059 | MEDIUM | CVSS 6.8 | PoC | ≤ 7.1.3, v3.0 | 2007-01-05
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
nvd
CVE-2007-0015 | MEDIUM | CVSS 6.8 | PoC | v7.1.3 | 2007-01-01
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
nvd
CVE-2006-4965 | MEDIUM | CVSS 5.0 | PoC | CWE-94 | v7.1.3 | 2006-09-25
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instance
nvd
CVE-2006-4388 | MEDIUM | CVSS 5.1 | ≤ 7.1.2, v5.0, +13 more | 2006-09-12
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
nvd
CVE-2006-4385 | MEDIUM | CVSS 5.1 | v5.0, v5.0.1, +13 more | 2006-09-12
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
nvd
CVE-2006-4386 | MEDIUM | CVSS 5.1 | ≤ 7.1.2, v5.0, +13 more | 2006-09-12
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
nvd
CVE-2006-4389 | MEDIUM | CVSS 5.1 | v5.0.2, v6.0, +12 more | 2006-09-12
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
nvd
CVE-2006-4384 | MEDIUM | CVSS 5.1 | PoC | ≤ 7.1.2, v5.0, +13 more | 2006-09-12
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
nvd
CVE-2006-4382 | MEDIUM | CVSS 5.1 | ≤ 7.1.2, v5.0, +14 more | 2006-09-12
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
nvd