Computer Security
[EN] securityvulns.ru no-pyccku


Apple QuickTime / iTunes multiple vulnerabilities
updated since 12.01.2006
Published:12.05.2007
Source:
SecurityVulns ID:5620
Type:client
Threat Level:
6/10
Description:Heap overflow on GIF images parsing, stack overflow on QTIF parsing, heap overflow on video samples parsing.
Affected:APPLE : QuickTime 7.0
CVE:CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.)
Original documentdocument3COM, TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability (12.05.2007)
 documentFortinet Research, [VulnWatch] Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory: "Apple QuickTime Player ImageWidth Integer Overflow Vulnerability" (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability" (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory: Apple Quick Time Player ImageWidth Denial of Service Vulnerability (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Acces (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability (13.01.2006)
 documentCERT, US-CERT Technical Cyber Security Alert TA06-011A -- Apple QuickTime Vulnerabilities (12.01.2006)
 documentEEYE, [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow (12.01.2006)
 documentEEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006)
 documentEEYE, [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow (12.01.2006)
 documentEEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod