Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Apple QuickTime
дополнено с 31 октября 2011 г.
Опубликовано:20 августа 2012 г.
Источник:
SecurityVulns ID:12002
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные повреждения памяти при разборе различных форматов данных, межсайтовый скриптинг.
Затронутые продукты:APPLE : QuickTime 7.7
CVE:CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.)
 CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.)
 CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.)
 CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.)
 CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.)
 CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.)
 CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.)
 CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.)
 CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.)
Оригинальный текстdocumentZDI, ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability (20.08.2012)
 documentZDI, ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability (09.01.2012)
 documentZDI, ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability (09.01.2012)
 documentZDI, ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability (11.12.2011)
 documentZDI, ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability (31.10.2011)
 documentAPPLE, APPLE-SA-2011-10-26-1 QuickTime 7.7.1 (31.10.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород