The Apple QuickTime Player H.264 Codec suffers from a remote integer overflow.
5ea34f1a02017755ab163173409e709d33150801387d77325edd97397697b054The Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow vulnerability.
1adf5c5c72d01c4624b85ffdd0aae6d195be716d1822865789e2e22f95233ac4QuickTime Player version 7.5.x stack buffer overflow exploit that creates a malicious .m3u file that triggers a connect-back shell.
a319d5068af721afd1fb462b59d9d5ac1adec2459ec05c78c49ed9b30ffa5286The Apple QuickTime player does not properly parse .fpx media files, which causes a memory corruption by opening a malformed file with an invalid value located in PoC repro.fpx at offset 0x49. Tested vulnerable are versions 7.6.8 (1675) and 7.6.6 (1671).
facb84d8419ffcf0bba2fe7f89e1f2ae1bc160d4a44a1f04b6c7f18419579e90Quicktime PictureViewer version 7.6.5 DLL hijacking exploit.
3c4993bb0ffd2ab50592053a13f3f93437f114eaaa769691e057f119d77020c2This Metasploit module exploits the Mac OS X Quicktime RTSP Content-Type overflow.
ad4d5f783ef4db1db560df2a1efd3229f2003c31ec35d1990be07b5c88e2e8fcSecunia Security Advisory - A vulnerability has been reported in the Apple QuickTime MPEG-2 Playback component, which can potentially be exploited by malicious people to compromise a user's system.
3583947739b2ba869ed0a3d91edf98b4598bd205b7ab1ad5a204a087c6630f07The Apple Quicktime Player versions 7.3.1.70 and below HTTP error message buffer overflow exploit.
89a653e5db8d7a3160f90c80abdc466ec35b708c1a5efdf2b96d5fa578d311a0The Apple Quicktime Player versions 7.3.1.70 and below suffer from a buffer overflow vulnerability during the filling of the LCD-like screen containing info about the status of the connection.
f26a1f120bf5f59a3f5ead9fa37499d578dc7f17d95a04199b428150d31705dfApple QuickTime player version 7.1 on Windows suffers from a remote heap overflow vulnerability.
65da3ab8f46f0b132528896188ac81e77e60eee67849338401fb5ac40456b761Apple Quicktime buffer overflow exploit for Windows 2000 that makes use of the rtsp URL Handler vulnerability. The qtl file created binds a shell to port 4444.
8668be442ac4578cbed1084e63009713cd92e994d70f4d374f3b519c655904a9Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing specially crafted TGA image files. This is due to an application failure to sanitize the parameter Color Map Entry Size while parsing TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it, when the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
cd67a822ff370f9dc2ed6a580dba164b1c12edeed9edaa46caf6dc4a6956aab4Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing the specially crafted TGA image files. This is due to application failure to sanitize the parameter ImageWidth value while parsing TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it, when the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
7f7c93d74581c8bf0e5a052e5abee464179161e6e4b50965e105653b5072be4cFortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered an improper memory access vulnerability in the Apple QuickTime Player. The vulnerability exists when parsing specially crafted TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it, when the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause memory access violation, leading to potential arbitrary command execution.
b631a860862da4e90b8e54eb3187262c7fb600075606e26c73dd38261da6474fFortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. Apple QuickTime has a denial of service vulnerability in parsing the specially crafted TIFF image files. This is due to an application failure to sanitize the parameter ImageWidth value while parsing TIFF image files. A remote attacker could construct a web page with a specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will a cause memory access violation, leading to denial of service.
baab435debc09cc8f4dc4ab92b9e3e3b495072880b982fe42813601b6099cba5Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a vulnerability in the Apple QuickTime Player. Apple QuickTime has a vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripOffsets value while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
3b588cf7f6f92dd97bbaf61f07231058a4a3d25ed43f154b696b82c9a40f1898Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripByteCounts while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, and leading to potential arbitrary command execution.
09a92ec1846789359ad9a5d09cdc149c4401610255743ba875be582f9035afd4eEye Security Advisory - eEye Digital Security has discovered a critical heap overflow in the Apple Quicktime player that allows for the execution of arbitrary code via a maliciously crafted GIF file. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls.
cc94c3ea3b6b057626aed1b68cf54134be69b95753dba40f5fb6627667ad207fApple QuickTime PictureViewer is reported prone to remote memory overwrite vulnerability (exploitable via remotely originated content). Expansion of compressed PICT data could exceed the size of the destination buffer, this cause an memory overwrite. The vulnerability may lead to remote code execution when specially crafted picture file (PICT file) is being loaded. Software affected: QuickTime package 7.0.1 for Mac OS X 10.3, QuickTime package 7.0.1 for Mac OS X 10.4, QuickTime package 6.5.2 for Mac OS X 10.3, QuickTime package 6.5.2 for Mac OS X 10.2, QuickTime package 7x for Windows.
3b036f60cdfd01972d16163f01c31f694e97731c38b410af970ba5984b080fa5Apple QuickTime Player is reported prone to remote denial of service attack (exploitable via remotely originated content). A missing movie attribute is interpreted as an extension, but the absence of the extension is not flagged as an error, resulting in a de-reference of a NULL pointer. This will cause a denial of service against any application loading remotely-originated content. Software affected: QuickTime package 7.0.1 for Mac OS X 10.3, QuickTime package 7.0.1 for Mac OS X 10.4, QuickTime package 6.5.2 for Mac OS X 10.3, QuickTime package 6.5.2 for Mac OS X 10.2, QuickTime package 7x for Windows.
78f76c0519c801a0dfe0a4623f3d5c7c7bcc6623dc6b84d531c8fc2e896f1c67Apple QuickTime Player is reported prone to remote integer overflow vulnerability (exploitable via remotely originated content). Improper movie attributes could result in a very large memory copy, which lead to potential memory overwrite. The vulnerability may lead to remote code execution when specially crafted video file (MOV file) is being loaded. Software affected: QuickTime package 7.0.1 for Mac OS X 10.3, QuickTime package 7.0.1 for Mac OS X 10.4, QuickTime package 6.5.2 for Mac OS X 10.3, QuickTime package 6.5.2 for Mac OS X 10.2, QuickTime package 7x for Windows.
a7fa09ceb9372c03ccbab0386d3205945a1fd05053debe49950536097f029a4dApple QuickTime Player is reported prone to remote integer overflow vulnerability (exploitable via remotely originated content). A sign extension of an embedded "Pascal" style string could result in a very large memory copy, which lead to potential memory overwrite. The vulnerability may lead to remote code execution when specially crafted video file (MOV file) is being loaded. Software affected: QuickTime package 7.0.1 for Mac OS X 10.3, QuickTime package 7.0.1 for Mac OS X 10.4, QuickTime package 6.5.2 for Mac OS X 10.3, QuickTime package 6.5.2 for Mac OS X 10.2, QuickTime package 7x for Windows.
e5db0064c8b87bcc0db94f20691f219d8c4c634b26175e0704a2db53fdcf7edfA high risk vulnerability exists in Quicktime for Windows versions 6.5.2 and earlier.
e225e65e339978dc3071b9a5afce13c6687b3bd18967e4ff3e7c14bb2d873daaRapid7 Security Advisory - Several vulnerabilities have been found in the Apple QuickTime/Darwin Streaming Server, including denial of service, web root traversal, and script source disclosure.
088977e2989bbb584a3f0a1dd33037977138a112e0e0d0ac7e59fdc167b37bf7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed