QuickTime Player
by Apple Inc.
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0234 | 0.07 | — | 0.45 | Jan 11, 2008 | Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. | |||
| CVE-2008-5406 | 0.03 | — | 0.06 | Dec 10, 2008 | Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | |||
| CVE-2003-0168 | 0.03 | — | 0.33 | Apr 2, 2003 | Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. | |||
| CVE-2002-0252 | 0.03 | — | 0.04 | May 29, 2002 | Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header. | |||
| CVE-2006-1249 | 0.02 | — | 0.27 | Mar 19, 2006 | Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | |||
| CVE-2011-3218 | 0.00 | — | 0.01 | Oct 14, 2011 | The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local… | |||
| CVE-2008-2010 | 0.00 | — | 0.02 | Apr 30, 2008 | Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,… | |||
| CVE-2006-1458 | 0.00 | — | 0.03 | May 12, 2006 | Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. | |||
| CVE-2005-2755 | 0.00 | — | 0.01 | Nov 5, 2005 | Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference. | |||
| CVE-2005-1579 | 0.00 | — | 0.03 | May 12, 2005 | Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. |
- CVE-2008-0234Jan 11, 2008risk 0.07cvss —epss 0.45
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
- CVE-2008-5406Dec 10, 2008risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
- CVE-2003-0168Apr 2, 2003risk 0.03cvss —epss 0.33
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
- CVE-2002-0252May 29, 2002risk 0.03cvss —epss 0.04
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.
- CVE-2006-1249Mar 19, 2006risk 0.02cvss —epss 0.27
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
- CVE-2011-3218Oct 14, 2011risk 0.00cvss —epss 0.01
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local…
- CVE-2008-2010Apr 30, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,…
- CVE-2006-1458May 12, 2006risk 0.00cvss —epss 0.03
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
- CVE-2005-2755Nov 5, 2005risk 0.00cvss —epss 0.01
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
- CVE-2005-1579May 12, 2005risk 0.00cvss —epss 0.03
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.