Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 suffers from a remote code execution vulnerability.
755e32b54edf09bcc945c50382e1d9793c0e29cc4fd76dbedb13e82a13390a94Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 suffers from a remote code execution vulnerability.
bfafaebfaff6cd46b5c1fdee36d35413dda174b2f09f7738e05a56d5be3855d7Zero Day Initiative Advisory 10-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within QuickTimeAuthoring.qtx during the parsing of DELTA_FLI chunks stored within a malformed .fli file. The applications trusts a user-supplied length for decompression which can be modified to copy more data than necessary leading to a buffer overflow. Successful exploitation can lead to code execution under the context of the current user.
3d9a104affc70e6b751a7e18e2fd12bf8b648c45aa4296843e8db2df6f0d1be4VUPEN Vulnerability Research Team discovered a vulnerability in Apple Quicktime. The flaw is caused by a heap overflow error when processing FLC encoded movie files, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page or opening a malicious movie file.
4cfffb94b7511115e3a60cb845becd8bf61bfddf9c72a478a98b9706a727c01f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed