CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2005 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4092 DoS Exec Code Overflow 2005-12-08 2009-04-03
7.5
User Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
2 CVE-2005-3713 119 Exec Code Overflow 2005-12-31 2011-10-18
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
3 CVE-2005-3712 119 Exec Code Overflow 2005-12-31 2011-10-17
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
4 CVE-2005-3711 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
5 CVE-2005-3710 189 Exec Code Overflow 2005-12-31 2011-10-12
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
6 CVE-2005-3709 189 DoS Exec Code 2005-12-31 2011-10-11
7.5
User Remote Low Not required Partial Partial Partial
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
7 CVE-2005-3708 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
8 CVE-2005-3707 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
9 CVE-2005-3706 Exec Code Overflow 2005-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
10 CVE-2005-3705 Exec Code Overflow 2005-11-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
11 CVE-2005-3700 Exec Code 2005-11-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
12 CVE-2005-2757 Exec Code Overflow 2005-11-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
13 CVE-2005-2756 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
14 CVE-2005-2754 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
15 CVE-2005-2753 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
16 CVE-2005-2747 Exec Code Overflow 2005-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
17 CVE-2005-2744 Exec Code Overflow 2005-10-25 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
18 CVE-2005-2743 Exec Code 2005-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
19 CVE-2005-2522 Exec Code 2005-08-19 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
20 CVE-2005-2521 Exec Code Overflow 2005-08-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
21 CVE-2005-2518 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
22 CVE-2005-2516 Exec Code 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
23 CVE-2005-2514 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
24 CVE-2005-2507 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
25 CVE-2005-2505 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
26 CVE-2005-2502 Exec Code Overflow 2005-08-19 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
27 CVE-2005-2501 Exec Code Overflow 2005-08-19 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
28 CVE-2005-2340 119 Exec Code Overflow 2005-12-31 2011-10-18
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
29 CVE-2005-1933 Exec Code 2005-06-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474.
30 CVE-2005-1721 Exec Code Overflow 2005-06-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code.
31 CVE-2005-1343 Exec Code Overflow 2005-05-03 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.
32 CVE-2005-1342 Exec Code 2005-05-04 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.
33 CVE-2005-1341 Exec Code 2005-05-04 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.
34 CVE-2005-1336 Exec Code Overflow 2005-05-04 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.
35 CVE-2005-1307 Exec Code 2005-05-17 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
36 CVE-2005-1248 Exec Code Overflow 2005-05-16 2013-11-01
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
37 CVE-2005-0972 Exec Code Overflow 2005-05-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.
38 CVE-2005-0969 DoS Exec Code Overflow 2005-05-12 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
39 CVE-2005-0716 Exec Code Overflow 2005-03-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
40 CVE-2005-0594 Exec Code Overflow 2005-05-04 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.
41 CVE-2005-0126 Exec Code 2005-05-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.
42 CVE-2005-0125 Exec Code 2005-05-02 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
43 CVE-2005-0043 Exec Code Overflow 2005-05-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
44 CVE-2004-0962 Exec Code 2005-02-09 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
45 CVE-2004-0926 Exec Code Overflow 2005-01-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
Total number of vulnerabilities : 45   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.