Apple QuickTime vulnerabilities
235 known vulnerabilities affecting apple/quicktime.
Total CVEs: 235
CISA KEV: 0
Public exploits: 23
Exploited in wild: 0
Severity breakdown: CRITICAL 118, HIGH 20, MEDIUM 95, LOW 2
Vulnerabilities
CVE-2008-1585 | MEDIUM | CVSS 6.8 | CWE-20 | ≤ 7.4.5 | 2008-06-10
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
nvd
CVE-2008-1581 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.5 | 2008-06-10
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
nvd
CVE-2008-1584 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.5 | 2008-06-10
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.
nvd
CVE-2008-1020 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
nvd
CVE-2008-1021 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
nvd
CVE-2008-1015 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
nvd
CVE-2008-1023 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
nvd
CVE-2008-1022 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
nvd
CVE-2008-1019 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
nvd
CVE-2008-1016 | MEDIUM | CVSS 6.8 | CWE-94 | ≤ 7.4.4 | 2008-04-04
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
nvd
CVE-2008-1014 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 7.4.4 | 2008-04-04
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
nvd
CVE-2008-1013 | MEDIUM | CVSS 6.8 | ≤ 7.4.4 | 2008-04-04
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
nvd
CVE-2008-1018 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
nvd
CVE-2008-1017 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.4.4 | 2008-04-04
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
nvd
CVE-2008-0778 | HIGH | CVSS 7.5 | PoC | CWE-119 | ≤ 7.4.1 | 2008-02-14
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
nvd
CVE-2008-0033 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 7.3.1.70 | 2008-01-16
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
nvd
CVE-2008-0031 | MEDIUM | CVSS 5.8 | CWE-399 | ≤ 7.3 | 2008-01-16
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
nvd
CVE-2008-0036 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 7.3 | 2008-01-16
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
nvd
CVE-2008-0032 | MEDIUM | CVSS 5.8 | CWE-399 | ≤ 7.3 | 2008-01-16
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
nvd
CVE-2008-0234 | CRITICAL | CVSS 9.3 | PoC | CWE-119 | v7.3.1.70, v7.4 | 2008-01-11
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
nvd