CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2005 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4092 DoS Exec Code Overflow 2005-12-08 2009-04-03
7.5
User Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
2 CVE-2005-3713 119 Exec Code Overflow 2005-12-31 2011-10-18
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
3 CVE-2005-3712 119 Exec Code Overflow 2005-12-31 2011-10-17
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
4 CVE-2005-3711 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
5 CVE-2005-3710 189 Exec Code Overflow 2005-12-31 2011-10-12
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
6 CVE-2005-3708 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
7 CVE-2005-3707 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
8 CVE-2005-3706 Exec Code Overflow 2005-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
9 CVE-2005-3705 Exec Code Overflow 2005-11-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
10 CVE-2005-2757 Exec Code Overflow 2005-11-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
11 CVE-2005-2756 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
12 CVE-2005-2754 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
13 CVE-2005-2753 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
14 CVE-2005-2747 Exec Code Overflow 2005-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
15 CVE-2005-2744 Exec Code Overflow 2005-10-25 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
16 CVE-2005-2521 Exec Code Overflow 2005-08-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
17 CVE-2005-2518 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
18 CVE-2005-2514 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
19 CVE-2005-2507 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
20 CVE-2005-2505 Exec Code Overflow 2005-08-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
21 CVE-2005-2502 Exec Code Overflow 2005-08-19 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
22 CVE-2005-2501 Exec Code Overflow 2005-08-19 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
23 CVE-2005-2340 119 Exec Code Overflow 2005-12-31 2011-10-18
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
24 CVE-2005-1721 Exec Code Overflow 2005-06-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code.
25 CVE-2005-1343 Exec Code Overflow 2005-05-03 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.
26 CVE-2005-1336 Exec Code Overflow 2005-05-04 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.
27 CVE-2005-1248 Exec Code Overflow 2005-05-16 2013-11-01
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
28 CVE-2005-1106 DoS Overflow 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.
29 CVE-2005-0972 Exec Code Overflow 2005-05-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.
30 CVE-2005-0971 Overflow +Priv 2005-05-12 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
31 CVE-2005-0969 DoS Exec Code Overflow 2005-05-12 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
32 CVE-2005-0903 DoS Overflow 2005-05-02 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
33 CVE-2005-0716 Exec Code Overflow 2005-03-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
34 CVE-2005-0594 Exec Code Overflow 2005-05-04 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.
35 CVE-2005-0043 Exec Code Overflow 2005-05-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
36 CVE-2004-0988 DoS Overflow 2005-03-01 2008-09-10
5.0
None Remote Low Not required None None Partial
Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.
37 CVE-2004-0926 Exec Code Overflow 2005-01-27 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
38 CVE-2004-0886 DoS Overflow Mem. Corr. 2005-01-27 2010-08-21
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Total number of vulnerabilities : 38   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.