QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
Max CVSS
6.8
EPSS Score
2.14%
Published
2011-10-14
Updated
2012-01-14
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
Max CVSS
6.8
EPSS Score
0.99%
Published
2011-10-14
Updated
2012-01-14
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
Max CVSS
2.6
EPSS Score
0.11%
Published
2011-10-14
Updated
2012-01-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
Max CVSS
6.8
EPSS Score
11.37%
Published
2011-10-14
Updated
2012-01-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
Max CVSS
6.8
EPSS Score
11.37%
Published
2011-10-14
Updated
2012-01-14
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
Max CVSS
6.8
EPSS Score
5.35%
Published
2011-10-14
Updated
2012-01-14
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
Max CVSS
6.8
EPSS Score
1.04%
Published
2011-10-14
Updated
2012-01-14
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
Max CVSS
6.8
EPSS Score
21.75%
Published
2011-03-11
Updated
2012-03-30
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
2.02%
Published
2011-10-14
Updated
2012-01-14
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
Max CVSS
6.8
EPSS Score
1.19%
Published
2011-10-14
Updated
2012-01-14
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
Max CVSS
6.8
EPSS Score
1.40%
Published
2011-10-14
Updated
2012-01-14
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.
Max CVSS
6.8
EPSS Score
0.56%
Published
2011-03-23
Updated
2011-06-27
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.
Max CVSS
6.8
EPSS Score
0.47%
Published
2011-03-23
Updated
2011-03-24
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.
Max CVSS
6.8
EPSS Score
0.41%
Published
2011-03-23
Updated
2011-03-24
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.
Max CVSS
6.8
EPSS Score
0.52%
Published
2011-03-23
Updated
2011-03-24
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
Max CVSS
6.8
EPSS Score
0.41%
Published
2011-03-23
Updated
2011-03-24
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.
Max CVSS
6.8
EPSS Score
0.41%
Published
2011-03-23
Updated
2011-03-24
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.
Max CVSS
6.8
EPSS Score
0.33%
Published
2011-03-23
Updated
2011-03-24
18 vulnerabilities found