Total
250 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0248 | 2 Apple, Microsoft | 5 Quicktime, Internet Explorer, Windows 7 and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file. | |||||
CVE-2008-3615 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2018-11-01 | 9.3 HIGH | N/A |
ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
CVE-2008-3626 | 1 Apple | 1 Quicktime | 2018-10-30 | 6.8 MEDIUM | N/A |
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | |||||
CVE-2008-3614 | 2 Apple, Microsoft | 4 Quicktime, Windows-nt, Windows Vista and 1 more | 2018-10-30 | 6.8 MEDIUM | N/A |
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. | |||||
CVE-2007-2396 | 1 Apple | 1 Quicktime | 2018-10-30 | 9.3 HIGH | N/A |
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. | |||||
CVE-2008-3629 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Quicktime and 3 more | 2018-10-30 | 4.3 MEDIUM | N/A |
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. | |||||
CVE-2008-3624 | 2 Apple, Microsoft | 5 Mac Os X, Quicktime, Windows-nt and 2 more | 2018-10-30 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. | |||||
CVE-2007-2402 | 1 Apple | 1 Quicktime | 2018-10-30 | 4.3 MEDIUM | N/A |
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. | |||||
CVE-2007-0714 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, Windows | 2018-10-30 | 9.3 HIGH | N/A |
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. | |||||
CVE-2008-1739 | 1 Apple | 1 Quicktime | 2018-10-30 | 6.8 MEDIUM | N/A |
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. | |||||
CVE-2007-2392 | 1 Apple | 2 Mac Os X, Quicktime | 2018-10-30 | 9.3 HIGH | N/A |
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | |||||
CVE-2007-2393 | 1 Apple | 1 Quicktime | 2018-10-30 | 9.3 HIGH | N/A |
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | |||||
CVE-2007-6166 | 2 Apple, Microsoft | 5 Mac Os X, Quicktime, Safari and 2 more | 2018-10-30 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. | |||||
CVE-2007-2394 | 1 Apple | 2 Mac Os X, Quicktime | 2018-10-30 | 9.3 HIGH | N/A |
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. | |||||
CVE-2007-0711 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2018-10-30 | 9.3 HIGH | N/A |
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. | |||||
CVE-2007-2397 | 1 Apple | 1 Quicktime | 2018-10-30 | 9.3 HIGH | N/A |
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. | |||||
CVE-2007-0059 | 1 Apple | 1 Quicktime | 2018-10-30 | 6.8 MEDIUM | N/A |
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | |||||
CVE-2008-2010 | 2 Apple, Microsoft | 3 Quicktime, Windows Vista, Windows Xp | 2018-10-30 | 9.3 HIGH | N/A |
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-0712 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, Windows | 2018-10-30 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. | |||||
CVE-2008-3635 | 3 Apple, Intel, Microsoft | 5 Quicktime, Indeo, Windows-nt and 2 more | 2018-10-30 | 9.3 HIGH | N/A |
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |