VYPR

QuickTime Player

by Apple Inc.

CVEs (4)

  • CVE-2008-5406Dec 10, 2008
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."

  • CVE-2008-0234Jan 11, 2008
    risk 0.04cvss epss 0.12

    Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.

  • CVE-2011-3218Oct 14, 2011
    risk 0.00cvss epss 0.01

    The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local…

  • CVE-2008-2010Apr 30, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,…