Exploit the possiblities
Showing 76 - 100 of 100 RSS Feed

Files

Apple Quicktime FPX / PSD File Parsing Memory Corruption
Posted Mar 30, 2016
Authored by Francis Provencher

Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proof of concepts included.

tags | exploit, vulnerability, proof of concept
systems | linux, apple
advisories | CVE-2016-1767, CVE-2016-1768, CVE-2016-1769
MD5 | 3c5a29ece12ebdfba29f33d2077a59cd

Related Files

Secunia Security Advisory 39133
Posted Apr 2, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | apple
MD5 | 3673f67f1ab4a5b9e76d7f405c60a15a
Apple Quicktime FLC Encoded Movie Heap Overflow
Posted Apr 1, 2010
Authored by Nicolas Joly | Site vupen.com

VUPEN Vulnerability Research Team discovered a vulnerability in Apple Quicktime. The flaw is caused by a heap overflow error when processing FLC encoded movie files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page or opening a malicious movie file.

tags | advisory, web, overflow, arbitrary
systems | apple
advisories | CVE-2010-0520
MD5 | baf8e74600c0f8e0432f47266fa2b3e7
Apple Quicktime PICT Handling Heap Overflow
Posted Apr 1, 2010
Authored by Nicolas Joly | Site vupen.com

VUPEN Vulnerability Research Team discovered a vulnerability in Apple Quicktime. The flaw is caused by a heap overflow error when processing PICT images with malformed atoms, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page or opening a malicious PICT file.

tags | advisory, web, overflow, arbitrary
systems | apple
advisories | CVE-2009-2837
MD5 | b910e99adc612914ec7562bef824b64d
Apple Quicktime PICT Processing Integer Overflow
Posted Apr 1, 2010
Authored by Nicolas Joly | Site vupen.com

VUPEN Vulnerability Research Team discovered a vulnerability in Apple Quicktime. The flaw is caused by an integer overflow error when processing PICT files with malformed data and atoms, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page or opening a malicious PICT image.

tags | advisory, web, overflow, arbitrary
systems | apple
advisories | CVE-2010-0527
MD5 | 547eb22a5b7cc7264013afc5742559f0
Apple QuickTime 7.2 / 7.3 RTSP Buffer Overflow
Posted Jan 7, 2010
Authored by Jacky

Apple QuickTime versions 7.2 and 7.3 RTSP buffer overflow exploit.

tags | exploit, overflow
systems | apple
MD5 | a4e4906a81f2d967f8b66729a9a4ec28
Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
systems | apple
advisories | CVE-2007-6166
MD5 | 53ef97f1a29b0a357f71238f64bf8af4
Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
Posted Nov 26, 2009
Authored by MC, egypt | Site metasploit.com

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.1.3. This Metasploit module was inspired by MOAB-01-01-2007. The Browser target for this module was tested against IE 6 and Firefox 1.5.0.3 on Windows XP SP0/2; Firefox 3 blacklists the QuickTime plugin.

tags | exploit, overflow
systems | windows, apple, xp
advisories | CVE-2007-0015
MD5 | d2ab9eb9d899356379e076fe8e98c51f
Zero Day Initiative Advisory 09-064
Posted Sep 11, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-064 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed FlashPix (.fpx) files. While parsing the SectorShift and cSectFat fields from the header, the application will multiply 2 user-controlled 32-bit values and utilize this for an allocation. If the result of the multiplication is greater than 32bits, the application will allocate an undersized heap chunk. Later, the application will copy file data directly into this buffer leading to a buffer overflow which can allow for code execution under the context of the currently logged in user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2009-2798
MD5 | 8045d6fac8af982bc518e301cb2eca6f
Zero Day Initiative Advisory 09-063
Posted Sep 11, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-063 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2009-2799
MD5 | e2ab8b9ce1666fb14aea2b55984bd5c1
Secunia Security Advisory 36627
Posted Sep 10, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | apple
MD5 | 1bc18c40ca089698b81722eecfd755e7
Apple QuickTime CRGN Atom Overflow
Posted Jun 15, 2009
Authored by webDEViL

Apple QuickTime CRGN Atom stack overflow exploit that creates a malicious .mov file.

tags | exploit, overflow
systems | apple
MD5 | 960a151888b6385f6673b834eda30cc2
Apple QuickTime Image Description Atom Sign
Posted Jun 4, 2009
Authored by webDEViL

Apple QuickTime image description atom sign extension vulnerability proof of concept exploit.

tags | exploit, proof of concept
systems | apple
MD5 | c0c2915a40ddcf8fd40764d06104b77f
QuickTime Sorenson Video 3 Content Parsing Vulnerability
Posted Jun 3, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of Sorenson Video 3 content. This can be exploited to corrupt memory by tricking a user into viewing a specially crafted movie file. Successful exploitation may allow execution of arbitrary code. Apple QuickTime version 7.60 is vulnerable.

tags | advisory, arbitrary
systems | apple
advisories | CVE-2009-0188
MD5 | 717f4e6658c04ae1104827bf33967f99
Apple QuickTime MS ADPCM Encoding Buffer Overflow
Posted Jun 3, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the processing of MS ADPCM encoded audio data. This can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. Successful exploitation may allow execution of arbitrary code. Apple QuickTime version 7.6 is vulnerable.

tags | advisory, overflow, arbitrary
systems | apple
advisories | CVE-2009-0185
MD5 | bba7b7ba0ebec430741e19399bfc6b88
Zero Day Initiative Advisory 09-030
Posted Jun 3, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. By providing a malicious value this buffer can be undersized and subsequently can be overflowed leading to arbitrary code execution under the context of the user running QuickTime.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2009-0010
MD5 | 9bf715cbe4ec82ffa0cf02d41a06bddd
Zero Day Initiative Advisory 09-029
Posted Jun 3, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed Jpen2000 image files. A field is read directly from the file and used to allocate memory for a structure. If the value read is smaller then the expected structure size then a memory corruption will occur which can be leveraged by an attacker to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2009-0957
MD5 | 93ec52737aca8f17a5bee16fa8642cc1
Zero Day Initiative Advisory 09-027
Posted Jun 3, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x8201 QuickTime trusts a value contained in the file and makes an allocation accordingly. The process then enters a loop whose terminating condition is controlled. The previously allocated heap buffer can be overflowed leading to arbitrary code execution under the context of the user running QuickTime.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2009-0953
MD5 | 2d4a2ee623f219af5c4cea3f8222d043
Zero Day Initiative Advisory 09-026
Posted Jun 3, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a malformed .PSD image. While decoding the columns, rows and channels in the image header, the application trusts a different length for copying than used for allocating it. This results in a heap overflow and can lead to code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2009-0952
MD5 | c5b0b628eaa28f3955ad4f5ec517445f
Zero Day Initiative Advisory 09-021
Posted May 29, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a malformed .PICT image. While decoding a tag 0x77 in the image, the application misuses a 16-bit length when allocating tag data. When copying tag data into this buffer, a heap overflow occurs. This can lead to code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2009-0010
MD5 | e5fc3e8cbc5e71334252b8a44ec7c09d
Secunia Security Advisory 35091
Posted May 24, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system

tags | advisory
systems | apple
MD5 | f0d227e9540209e8bfd976301bbf7248
Secunia Security Advisory 33632
Posted Jan 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | apple
MD5 | 27d49aeaf8039eeccc534acfb6e614fb
Secunia Security Advisory 33642
Posted Jan 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Apple QuickTime MPEG-2 Playback component, which can potentially be exploited by malicious people to compromise a user's system.

tags | advisory
systems | apple
MD5 | ad97c56e907dc9808cf849f1a9655bf7
Zero Day Initiative Advisory 09-08
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-008 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of JPEG atoms embedded in STSD atoms within the function JPEG_DComponentDispatch(). When the image width data in this atom is modified, a heap corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2009-0007
MD5 | 17c33457bd90b9e2a332f9364a09b4d3
Zero Day Initiative Advisory 09-07
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-007 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of movie data encoded using the Cinepak Video Codec. When parsing the data in the MDAT atom, there exists a signedness error which leads to a heap overflow. When this occurs it can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2009-0006
MD5 | d327df6babbdc6e39e5e993226a09333
Zero Day Initiative Advisory 09-06
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-006 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI files. When the AVI header contains a malformed nBlockAlign value in the _WAVEFORMATEX structure, a heap overflow may occur which can be leveraged to execute arbitrary code under the context of the current user.

tags | advisory, overflow, arbitrary
systems | apple
advisories | CVE-2009-0003
MD5 | 43db50512e2ccc58dc911610f4445471
Page 4 of 4
Back1234Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close