Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности Apple QuickTime
дополнено с 12 декабря 2010 г.
Опубликовано:4 июля 2011 г.
Источник:
SecurityVulns ID:11290
Тип:удаленная
Уровень опасности:
8/10
Описание:Повреждения памяти при просмотре MPEG, Sorenson, AVI, JP2, FlashPix, GIF, PICT, QTVR и других.
Затронутые продукты:QUICKTIME : QuickTime 7.6
CVE:CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.)
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.)
 CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.)
 CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.)
 CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.)
 CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.)
 CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.)
 CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.)
 CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.)
 CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.)
Оригинальный текстdocumentZDI, ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability (04.07.2011)
 documentZDI, ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability (04.07.2011)
 documentZDI, ZDI-11-038: Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability (04.02.2011)
 documentCHECKPOINT, Apple Quicktime Memory Corruption - CVE-2010-3801 (17.12.2010)
 documentIDEFENSE, iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability (12.12.2010)
 documentSECUNIA, Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability (12.12.2010)
 documentAPPLE, About the security content of QuickTime 7.6.9 (12.12.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород