Exploit the possiblities
Showing 51 - 75 of 100 RSS Feed

Files

Apple Quicktime FPX / PSD File Parsing Memory Corruption
Posted Mar 30, 2016
Authored by Francis Provencher

Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proof of concepts included.

tags | exploit, vulnerability, proof of concept
systems | linux, apple
advisories | CVE-2016-1767, CVE-2016-1768, CVE-2016-1769
MD5 | 3c5a29ece12ebdfba29f33d2077a59cd

Related Files

Zero Day Initiative Advisory 10-252
Posted Nov 17, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-252 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for a component within the SIZ marker in a JPEG 2000 image. When the component contains a malicious value, the application will add a corrupted object to a queue of data which will be processed by the Component Manager's JP2 decompressor. Later when attempting to decompress this data, the application will use the corrupted object. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-3788
MD5 | 3f59b5a38becd8655f0f7cf390d90793
Zero Day Initiative Advisory 10-250
Posted Nov 17, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-250 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing rec chunks within an AVI media file. By modifying specific values within the data structure a heap corruption condition can be triggered. An attacker can abuse this to execute arbitrary code under the context of the user running QuickTime.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2010-3789
MD5 | 27d7a21701f60797691c6ea62347c1a5
Zero Day Initiative Advisory 10-244
Posted Nov 10, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will miscalculate a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-0515
MD5 | cff6f92c1244f266b0e78fda63f458eb
Month Of Abysssec Undisclosed Bugs - Apple QuickTime FLI
Posted Sep 18, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
systems | apple
advisories | CVE-2010-0520
MD5 | c27732b06bc63f3d585e7421ea2c38b7
Month Of Abysssec Undisclosed Bugs - Apple QuickTime FLI
Posted Sep 18, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
systems | apple
advisories | CVE-2010-0520
MD5 | b65cedab3abbedcaca437a4def1b6c0a
Apple QuickTime Player DLL Hijacking
Posted Sep 13, 2010
Authored by Aung Khant | Site yehg.net

Apple QuickTime Player version 7.64.17.73 suffers from an insecure DLL hijacking vulnerability.

tags | advisory
systems | apple
MD5 | 084d1096eab5d5fa4a760cc803b52a2e
Month Of Abysssec Undisclosed Bugs - Apple QuickTime
Posted Sep 3, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.

tags | advisory, remote, code execution
systems | apple
advisories | CVE-2010-0519
MD5 | e1e2b6f4c40321ac93c73434a39dc229
Month Of Abysssec Undisclosed Bugs - Apple QuickTime FlashPix
Posted Sep 3, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.

tags | exploit, remote, code execution
systems | apple
advisories | CVE-2010-0519
MD5 | 3b8e0f535bf0ba3739f15044c0249d16
Secunia Security Advisory 41213
Posted Sep 1, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ruben Santamarta has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | apple
MD5 | 459f550f1fe5d6aa1ba640927ed33919
Zero Day Initiative Advisory 10-168
Posted Aug 31, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx ActiveX control. The plugin accepts a parameter named _Marshaled_pUnk that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser.

tags | advisory, remote, web, arbitrary, activex
systems | apple
MD5 | f1e202e02d5bb2b6edce390377069eac
Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
Posted Aug 30, 2010
Authored by Ruben Santamarta, jduck | Site metasploit.com

This Metasploit module exploits a memory trust issue in Apple QuickTime 7.6.7. When processing a specially-crafted HTML page, the QuickTime ActiveX control will treat a supplied parameter as a trusted pointer. It will then use it as a COM-type pUnknown and lead to arbitrary code execution. This exploit utilizes a combination of heap spraying and the QuickTimeAuthoring.qtx module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions. NOTE: The addresses may need to be adjusted for older versions of QuickTime.

tags | exploit, arbitrary, code execution, activex
systems | windows, apple
advisories | CVE-2010-1818
MD5 | 7ad044f928efe468c6ea9c5cb5d51a74
Apple QuickTime _Marshaled_pUnk Backdoor Parameter Code Execution
Posted Aug 30, 2010
Authored by Ruben Santamarta | Site reversemode.com

Apple QuickTime suffers from a "_Marshaled_pUnk" backdoor parameter client-side arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
systems | apple
MD5 | e93ace586ff41f998cf0bacbb39e6d88
Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow
Posted Aug 16, 2010
Authored by Krystian Kloskowski, jduck | Site metasploit.com

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.6.6. When processing a malformed SMIL uri, a stack-based buffer overflow can occur when logging an error message.

tags | exploit, overflow
systems | apple
advisories | CVE-2010-1799
MD5 | 86889c929e573ecc452b6f495d2461ee
Zero Day Initiative Advisory 10-068
Posted Apr 9, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-068 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the parsing of H.263 media files. The code within QuickTime trusts various values from MDAT structures and uses them during operations on heap memory. By crafting specific values the corruption can be leveraged to execute remote code under the context of the user running the application.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2010-0062
MD5 | da0d14a38e5682af8fd20070c61434d9
Zero Day Initiative Advisory 10-067
Posted Apr 7, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-067 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the primary QuickTime.qts library when parsing the BkPixPat opcode (0x12) within a PICT file. The application will use 2 fields within the file in a multiply which is then passed as an argument to an allocation. As both operands in the multiply are user-controllable, specific values can cause an under allocation which will later result in a heap overflow. Successful exploitation can lead to code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-0529
MD5 | b7fb33bbe279978ab23ddfc921229b98
Zero Day Initiative Advisory 10-045
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-045 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of MPEG content. Upon reading a field used for compression within a 'genl' atom in the movie container, the application will decompress outside the boundary of an allocated buffer. Successful exploitation can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-0526
MD5 | dc70bd314d240832093f255e43fe2584
Zero Day Initiative Advisory 10-044
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within QuickTimeAuthoring.qtx during the parsing of DELTA_FLI chunks stored within a malformed .fli file. The applications trusts a user-supplied length for decompression which can be modified to copy more data than necessary leading to a buffer overflow. Successful exploitation can lead to code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-0520
MD5 | 0bc6e7106cf78b9ed858c495a36344af
Zero Day Initiative Advisory 10-043
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-043 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of a malformed SubImage Header Stream from a malicious FlashPix image. The application takes the NumberOfTiles field from this data structure, multiplies it by 16, and then uses it in an allocation. If this result is larger than 32-bits the value will wrap leading to an under-allocated buffer. Later when the application copies data into this buffer, a buffer overflow will occur leading to code execution within the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-0519
MD5 | 36e6d051ce96ff39ff947e9f43fb43c4
Zero Day Initiative Advisory 10-042
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-042 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed MediaVideo data from a sample description atom (STSD). The application will read a length from the file, subtract 1 and then use it as a counter for a loop. Certain values may cause memory corruption and can result in code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-0528
MD5 | 23564d4dc01f56cdcbdb02c245c89b2b
Zero Day Initiative Advisory 10-041
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-041 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the rendering of an audio stream utilizing QDesign's audio codec. The application will perform an allocation utilizing a field specified in the sample's description. Later when initializing the buffer, the application will utilize a different length. If the lengths differ, then a buffer overflow will occur. This can lead to code execution under the context of the currently logged in user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-0059
MD5 | 1dad2968a6b33883822a3f0cb0a77ef6
Zero Day Initiative Advisory 10-040
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-040 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed .mov file utilizing the RLE codec. While decoding RLE data, the application will fail to validate the size when decompressing the data into a heap chunk. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-0516
MD5 | 0d1870837d2d443f572f952be4c1429f
Zero Day Initiative Advisory 10-038
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the QuickTimeAudioSupport.qtx library when parsing malformed QDMC and QDM2 codec atoms. By modifying specific values within the stream an attacker can cause heap corruption which can lead to arbitrary code execution under the context of the currently logged in user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-0060
MD5 | 5431e3a86505f0d75afe781f91ddfba0
Zero Day Initiative Advisory 10-037
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of compressed mjpeg data from a malformed .mov file. The application will utilize the width and height fields in the file for calculating the size of a heap buffer. When copying into this buffer, the application will use a different field in the file to determine when to stop copying. If the first calculated length is smaller than the one used for decompression, a memory corruption will occur which can result in code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2010-0517
MD5 | acab7787b477a62b75377f466d874168
Zero Day Initiative Advisory 10-036
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within quicktime.qts when parsing sample data from a malformed .3g2 file that is utilizing the h.263 codec. While parsing data to render the video stream, the application will miscalculate the length of a buffer. Later when decompressing data to the heap chunk, the application will overflow the under allocated buffer leading to code execution under the context of the currently logged in user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-0062
MD5 | 09c707b904119155a5524b70665a1413
Zero Day Initiative Advisory 10-035
Posted Apr 3, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime attempts to parse a malformed 'genl' atom that may be present in any QuickTime media file. A heap overflow is caused when QuickTime fails to perform proper bounds checking on the amount of data copied to the heap by a set of nested loops which can result in arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-0526
MD5 | 3e88b7113748f4c688c8858d3126b4dd
Page 3 of 4
Back1234Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    8 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close