Denial of Service : Apple QuickTime Multiple Denial Of Service Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800494

Categoría: Denial of Service

Título: Apple QuickTime Multiple Denial Of Service Vulnerabilities - Windows

Resumen: Apple QuickTime is prone to multiple Denial Of Service vulnerabilities.

Descripción: Summary:
Apple QuickTime is prone to multiple Denial Of Service vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An heap buffer overflow in the handling of PICT images.

- A memory corruption issue in the handling of BMP images.

- An integer overflow in the handling of 'PICT' images.

- A memory corruption the handling of color tables in movie files.

Vulnerability Impact:
Successful exploitation will let attacker to cause an unexpected application
termination or arbitrary code execution.

Affected Software/OS:
Apple QuickTime before 7.6.6 on Windows.

Solution:
Upgrade to Apple QuickTime version 7.6.6 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0527
http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7458
Common Vulnerability Exposure (CVE) ID: CVE-2010-0529
Bugtraq: 20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/510569/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780
Common Vulnerability Exposure (CVE) ID: CVE-2010-0528
Bugtraq: 20100402 ZDI-10-042: Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/510518/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6989
Common Vulnerability Exposure (CVE) ID: CVE-2010-0536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800494
Categoría:	Denial of Service
Título:	Apple QuickTime Multiple Denial Of Service Vulnerabilities - Windows
Resumen:	Apple QuickTime is prone to multiple Denial Of Service vulnerabilities.
Descripción:	Summary: Apple QuickTime is prone to multiple Denial Of Service vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An heap buffer overflow in the handling of PICT images. - A memory corruption issue in the handling of BMP images. - An integer overflow in the handling of 'PICT' images. - A memory corruption the handling of color tables in movie files. Vulnerability Impact: Successful exploitation will let attacker to cause an unexpected application termination or arbitrary code execution. Affected Software/OS: Apple QuickTime before 7.6.6 on Windows. Solution: Upgrade to Apple QuickTime version 7.6.6 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0527 http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7458 Common Vulnerability Exposure (CVE) ID: CVE-2010-0529 Bugtraq: 20100406 ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/510569/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6780 Common Vulnerability Exposure (CVE) ID: CVE-2010-0528 Bugtraq: 20100402 ZDI-10-042: Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/510518/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6989 Common Vulnerability Exposure (CVE) ID: CVE-2010-0536 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969
Copyright	Copyright (C) 2010 Greenbone AG