ignore security and it'll go away
Showing 1 - 25 of 100 RSS Feed

Files

Apple Quicktime FPX / PSD File Parsing Memory Corruption
Posted Mar 30, 2016
Authored by Francis Provencher

Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proof of concepts included.

tags | exploit, vulnerability, proof of concept
systems | linux, apple
advisories | CVE-2016-1767, CVE-2016-1768, CVE-2016-1769
MD5 | 3c5a29ece12ebdfba29f33d2077a59cd

Related Files

Zero Day Initiative Advisory 12-135
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles movies with the jpeg2k codec. When the size for a sample defined in the stsz atom is too big the QuickTime player fails to allocate the required memory for that sample. A pointer to the previous sample data still exists after the previous sample got freed. This pointer normally gets updated to point to the current sample data, but this does not happen when the allocation fails. The QuickTime player then re-uses the stale pointer and a use-after-free situation occurs. This can lead to remote code execution under that context of the current process.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2012-0661
MD5 | a3c9630afd77f3911b82c081120f46a0
Zero Day Initiative Advisory 12-130
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header containing codec-specific data. When handling an error case, the application will forget to initialize a pointer which will later be used in a memory operation. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3458
MD5 | 2b0085628fee048c74492dad644f5d62
Zero Day Initiative Advisory 12-125
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Quicktime.qts. The stack buffer overflow occurs as a result of an unbounded string copy function in Quicktime.qts, reachable through the IQTPluginControl::SetLanguage COM method exposed by the COM object QTPlugin.ocx. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2012-0666
MD5 | 425fd990d9d1f04fa82ad12630cbfa66
Apple QuickTime TeXML Stack Buffer Overflow
Posted Jun 29, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.

tags | exploit, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0663, OSVDB-81934
MD5 | 85791f9a94c2dae702f38a6997745009
Zero Day Initiative Advisory 12-108
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the sampleData element the code within QuickTime3GPP.qtx does not properly validate the length of the data within a color sub-field before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.

tags | advisory, remote, arbitrary
systems | apple
MD5 | 8cffd60a8f068729b403d9657f3c4637
Zero Day Initiative Advisory 12-109
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the karaoke XML element the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much data into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.

tags | advisory, remote, arbitrary
systems | apple
MD5 | e6d071e869f952635d165154a69dca1c
Zero Day Initiative Advisory 12-107
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-107 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the style XML element the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2012-0663
MD5 | 9cc8b6a1fd21a25af1426b84e39daeb6
Zero Day Initiative Advisory 12-105
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within he way Quicktime handles Text Track Descriptors. Values for almost all of the text descriptors recognized by quicktime will be read into a fixed size buffer. This can lead to a heap based buffer overflow which can result in remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0664
MD5 | 3612c709f69450be7a06020e0d327729
Apple QuickTime Security Bypass
Posted Jun 25, 2012
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations does not agree with Apple's evaluation of a vulnerability they reported. They have decided to release proof of concept code to demonstrate a bypass vulnerability in Apple QuickTime Java extensions.

tags | exploit, java, proof of concept, bypass
systems | linux, apple
MD5 | b455e16bcd79c5388b8972a887d86fc8
Zero Day Initiative Advisory 12-095
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-095 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the transform attribute the code within QuickTime3GPP.qtx does not properly validate the length of the data within a translate or matrix object before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2012-0663
MD5 | 6a5eb4839af2244bab3c6bb6cb14c0fc
Zero Day Initiative Advisory 12-078
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-078 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles file with the Sorenson v3 Codec. When parsing the data inside the svq3 stream QuickTime does not verify the value for the mb_skip_run value it reads from the data. This value is used later as a loop counter to write data to a heap allocation without boundary checking. This can result in a heap based buffer overflow that can result in remote code execution under the context of the user running the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0669
MD5 | 39e9db03951b048937fe33fc24c0942c
Zero Day Initiative Advisory 12-077
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QuickTimeVR.qtx component. A signedness error exists when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code under the context of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2012-0667
MD5 | 5324798ac1f458c02268691bf0b9ecee
Zero Day Initiative Advisory 12-075
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0668
MD5 | e56d5ff2b2fdb50359810d4cc109ccd1
Apple Quicktime .pct Parsing Memory Corruption
Posted May 15, 2012
Authored by Rodrigo Rubira Branco

Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.

tags | advisory
systems | windows, apple, xp
advisories | CVE-2012-0671
MD5 | c437473b3959e9b762550efe55331b27
Zero Day Initiative Advisory 12-005
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-05 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2011-3248
MD5 | e2313aba0e79de102b33fcc75a2e53eb
Zero Day Initiative Advisory 12-004
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. A remote attacker can exploit this error to execute arbitrary code under the context of the user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2011-3250
MD5 | 309f589f17e67bf134a930ae65f7b9e8
Zero Day Initiative Advisory 11-340
Posted Dec 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-340 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses font names embedded within an atom. When parsing the font name, the application will treat a length from the file as a signed value when copying font data into a buffer. Due to an unsigned promotion, this can be used to write outside the bounds of a buffer which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3248
MD5 | 54297e70e370cf6f8c2f103147b58af4
Zero Day Initiative Advisory 11-316
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-316 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. When Quicktime later uses the function to determine where it should write its data it does check the upper boundaries, but not the lower ones causing a heap buffer underwrite. This can result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3251
MD5 | a84bec756bcff931e233c24d207f24da
Zero Day Initiative Advisory 11-315
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-315 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly checking the decompression size when decoding the RLE data. This allows for a 4 byte overwrite past the end of the buffer which could result into remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3249
MD5 | cf25d840505350633407351120274590
Zero Day Initiative Advisory 11-313
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-313 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. When Quicktime tries to decompress this data it reads a user supplied RLE Packet count field from the file and uses that as loop counter. A high value for this field will cause Quicktime to write outside previously allocated memory which could result into remote code execution.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3223
MD5 | d964d43fc540f8103b2e4554b8f34787
Zero Day Initiative Advisory 11-312
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-312 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application will pass execution to another function for handling the atom, however, will pass the incorrect number of arguments. Due to this, a variable will be treated as a pointer. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3221
MD5 | e09df08c3ae932c8998aaf6e0c10f3a4
Zero Day Initiative Advisory 11-311
Posted Oct 27, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-311 - This vulnerability allows remote attackers to potentially disclose memory addresses on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how QuickTime.qts parses a data handler in specific atom within a .mov file. The application will utilize a string length to copy data into an heap buffer, if the string is of zero-length, the application will fail to copy anything and then proceed to use the uninitialized buffer as a string.

tags | advisory, remote
systems | apple
advisories | CVE-2011-3220
MD5 | 2edb765a47b2f312adfd89db39f8a871
Secunia Security Advisory 46618
Posted Oct 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | apple
MD5 | 050cc59ac5d86431fab8877ac61b254b
Zero Day Initiative Advisory 11-304
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-304 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. A field will be read from the file in order to calculate a length that is later used in a memory copy operation into a statically sized buffer. Successful exploitation can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3252
MD5 | dd2644cc712b83a32978163292120634
Zero Day Initiative Advisory 11-303
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-303 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. When those fields contain incorrect data Quicktime will eventually write outside the buffer allocated for the movie stream. This can result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3219
MD5 | a0067945002727c5f9476171ff285c65
Page 1 of 4
Back1234Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    16 Files
  • 24
    Oct 24th
    4 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close