Information Security


Multiple security vulnerabilities in Apple QuickTime
Updated since May 21, 2012
Published: August 27, 2012
Source:
SecurityVulns ID: 12382
Type: library
Severity: 8/10
Description: Various vulnerabilities in parsing TeXML, H.264, MP4, MPEG, PNG, QTVR, JPEG2000, PICT and other audio and video formats.
Affected products: APPLE : QuickTime 7.7
CVE:
 CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.)
 CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.)
 CVE-2012-0669 (Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.)
 CVE-2012-0667 (Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.)
 CVE-2012-0666 (Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.)
 CVE-2012-0665 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2012-0664 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.)
 CVE-2012-0663 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.)
 CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.)
 CVE-2012-0265 (Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.)
 CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.)
 CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.)
 CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.)
Original text:
 ZDI, ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability (27.08.2012)
 ZDI, ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability (13.08.2012)
 ZDI, ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability (13.08.2012)
 ZDI, ZDI-12-125 : Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability (24.06.2012)
 ZDI, ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution (13.06.2012)
 ZDI, ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability (13.06.2012)
 Rodrigo Rubira Branco (BSDaemon), Apple Quicktime Memory Corruption (CVE-2012-0671) (21.05.2012)
 APPLE, APPLE-SA-2012-05-15-1 QuickTime 7.7.2 (21.05.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod