# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2012-3758 |
119 |
|
DoS Exec Code Overflow |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file. |
2 |
CVE-2012-3757 |
|
|
DoS Exec Code Mem. Corr. |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. |
3 |
CVE-2012-3756 |
119 |
|
DoS Exec Code Overflow |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file. |
4 |
CVE-2012-3755 |
119 |
1
|
DoS Exec Code Overflow |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. |
5 |
CVE-2012-3754 |
399 |
|
DoS Exec Code |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
6 |
CVE-2012-3753 |
119 |
|
DoS Exec Code Overflow |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. |
7 |
CVE-2012-3752 |
119 |
|
DoS Exec Code Overflow |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. |
8 |
CVE-2012-3751 |
399 |
|
DoS Exec Code |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element. |
9 |
CVE-2012-0671 |
94 |
|
DoS Exec Code Mem. Corr. |
2012-05-16 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file. |
10 |
CVE-2012-0670 |
189 |
|
DoS Exec Code Overflow |
2012-05-16 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file. |
11 |
CVE-2012-0668 |
119 |
|
DoS Exec Code Overflow |
2012-05-16 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding. |
12 |
CVE-2012-0665 |
119 |
|
DoS Exec Code Overflow |
2012-05-16 |
2017-12-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. |
13 |
CVE-2011-1374 |
119 |
|
DoS Exec Code Overflow |
2012-11-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file. |
14 |
CVE-2010-4009 |
189 |
|
DoS Exec Code Overflow |
2010-12-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |
15 |
CVE-2010-3802 |
189 |
|
DoS Exec Code Mem. Corr. |
2010-12-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file. |
16 |
CVE-2010-3801 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-12-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file. |
17 |
CVE-2010-3800 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-12-09 |
2017-09-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. |
18 |
CVE-2010-1818 |
824 |
|
Exec Code |
2010-08-31 |
2017-09-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer. |
19 |
CVE-2009-2799 |
119 |
|
DoS Exec Code Overflow |
2009-09-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. |
20 |
CVE-2009-2798 |
119 |
|
DoS Exec Code Overflow |
2009-09-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. |
21 |
CVE-2009-2203 |
119 |
|
DoS Exec Code Overflow |
2009-09-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. |
22 |
CVE-2009-2202 |
|
|
DoS Exec Code Mem. Corr. |
2009-09-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. |
23 |
CVE-2009-0957 |
119 |
|
DoS Exec Code Overflow |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. |
24 |
CVE-2009-0956 |
399 |
|
DoS Exec Code |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero. |
25 |
CVE-2009-0955 |
94 |
|
DoS Exec Code |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue." |
26 |
CVE-2009-0954 |
119 |
|
DoS Exec Code Overflow |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types. |
27 |
CVE-2009-0953 |
119 |
|
DoS Exec Code Overflow |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. |
28 |
CVE-2009-0952 |
119 |
|
DoS Exec Code Overflow |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image. |
29 |
CVE-2009-0951 |
119 |
|
DoS Exec Code Overflow |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file. |
30 |
CVE-2009-0188 |
399 |
|
DoS Exec Code Mem. Corr. |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file. |
31 |
CVE-2009-0185 |
119 |
|
DoS Exec Code Overflow |
2009-06-02 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. |
32 |
CVE-2009-0007 |
119 |
|
DoS Exec Code Overflow |
2009-01-21 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms. |
33 |
CVE-2009-0006 |
189 |
|
DoS Exec Code Overflow |
2009-01-21 |
2018-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow. |
34 |
CVE-2008-3626 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2008-09-11 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
35 |
CVE-2008-1739 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-09-03 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption. |
36 |
CVE-2006-4389 |
|
|
Exec Code |
2006-09-12 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. |
37 |
CVE-2006-4388 |
|
|
Exec Code Overflow |
2006-09-12 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. |
38 |
CVE-2006-4386 |
|
|
Exec Code Overflow |
2006-09-12 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. |
39 |
CVE-2006-4385 |
|
|
Exec Code Overflow |
2006-09-12 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. |
40 |
CVE-2006-4384 |
|
|
Exec Code Overflow |
2006-09-12 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. |
41 |
CVE-2006-4382 |
|
|
Exec Code Overflow |
2006-09-12 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. |
42 |
CVE-2006-4381 |
|
|
Exec Code Overflow |
2006-09-12 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. |
43 |
CVE-2006-1453 |
119 |
|
Exec Code Overflow |
2006-05-12 |
2018-10-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information. |
44 |
CVE-2004-0988 |
|
|
DoS Overflow |
2005-03-01 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation. |
45 |
CVE-2004-0922 |
|
|
|
2005-01-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box. |
46 |
CVE-2004-0921 |
|
|
|
2005-01-27 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets. |
47 |
CVE-2003-0168 |
|
|
Exec Code Overflow |
2003-04-02 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. |