Apple: >> Quicktime >> 7.0.8 Security Vulnerabilities
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
CVSS Score
6.8
EPSS Score
0.094
Published
2008-06-10
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVSS Score
9.3
EPSS Score
0.021
Published
2008-04-30
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
CVSS Score
6.8
EPSS Score
0.029
Published
2008-04-04
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
CVSS Score
4.3
EPSS Score
0.006
Published
2008-04-04
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVSS Score
6.8
EPSS Score
0.094
Published
2008-04-04
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
CVSS Score
6.8
EPSS Score
0.014
Published
2008-04-04
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVSS Score
6.8
EPSS Score
0.262
Published
2008-04-04
Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.
CVSS Score
6.8
EPSS Score
0.406
Published
2008-04-04
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.
CVSS Score
6.8
EPSS Score
0.439
Published
2008-04-04
Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
CVSS Score
6.8
EPSS Score
0.439
Published
2008-04-04