The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apple QuickTime

computer vulnerability bulletin CVE-2017-2218

Apple QuickTime: executing DLL code via the installer

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of Apple QuickTime, in order to execute code.
Impacted products: QuickTime.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet server.
Creation date: 13/06/2017.
Identifiers: CVE-2017-2218, JVN#94771799, VIGILANCE-VUL-22958.

Description of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of Apple QuickTime, in order to execute code.

computer vulnerability alert CVE-2016-4596 CVE-2016-4597 CVE-2016-4598

Apple QuickTime: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Apple QuickTime.
Impacted products: Mac OS X, QuickTime.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 19/07/2016.
Identifiers: CERTFR-2016-AVI-239, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, HT206903, VIGILANCE-VUL-20156.

Description of the vulnerability

Several vulnerabilities were announced in Apple QuickTime.

An attacker can generate a memory corruption via SGI, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4601]

An attacker can generate a memory corruption via Photoshop, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4599]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4596]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4597]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4600]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4602]

An attacker can generate a memory corruption via Image, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4598]

computer vulnerability note 19389

Apple QuickTime: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Apple QuickTime.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/04/2016.
Identifiers: HT205771, VIGILANCE-VUL-19389, ZDI-16-241, ZDI-16-242.

Description of the vulnerability

Several vulnerabilities were announced in Apple QuickTime.

An attacker can generate a memory corruption in Moov, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-16-241]

An attacker can generate a memory corruption in Atom, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-16-242]

computer vulnerability bulletin CVE-2015-7085 CVE-2015-7086 CVE-2015-7087

Apple QuickTime: nine vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Apple QuickTime.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 08/01/2016.
Identifiers: CERTFR-2016-AVI-006, CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, CVE-2015-7117, TALOS-2016-0019, TALOS-2016-0020, TALOS-2016-0021, TALOS-2016-0022, TALOS-2016-0023, VIGILANCE-VUL-18658, ZDI-16-002.

Description of the vulnerability

Several vulnerabilities were announced in Apple QuickTime.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7085]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7086]

An attacker can generate a memory corruption of SAMR, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7087, TALOS-2016-0019]

An attacker can generate a memory corruption of MDAT, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7088, TALOS-2016-0020]

An attacker can generate a memory corruption of MDAT, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7089, TALOS-2016-0021]

An attacker can generate a memory corruption via DREF, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7090, TALOS-2016-0023]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7091]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7092, ZDI-16-002]

An attacker can generate a memory corruption via ALIS, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7117, TALOS-2016-0022]

computer vulnerability announce CVE-2015-3788 CVE-2015-3789 CVE-2015-3790

QuickTime: nine vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in QuickTime.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 21/08/2015.
Identifiers: CERTFR-2015-AVI-362, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5779, CVE-2015-5785, CVE-2015-5786, HT205046, VIGILANCE-VUL-17727.

Description of the vulnerability

Several vulnerabilities were announced in QuickTime.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3788]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3789]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3790]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3791]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3792]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5751]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5779]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5785]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-5786]

vulnerability announce CVE-2015-3661 CVE-2015-3662 CVE-2015-3663

Apple QuickTime: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Apple QuickTime.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 01/07/2015.
Revision date: 02/07/2015.
Identifiers: CERTFR-2015-AVI-274, CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3664, CVE-2015-3665, CVE-2015-3666, CVE-2015-3667, CVE-2015-3668, CVE-2015-3669, CVE-2015-3713, VIGILANCE-VUL-17272, ZDI-15-276, ZDI-15-277, ZDI-15-278, ZDI-15-279, ZDI-15-280, ZDI-15-289, ZDI-15-292.

Description of the vulnerability

Several vulnerabilities were announced in Apple QuickTime.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3661, ZDI-15-277]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3662, ZDI-15-280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3663, ZDI-15-279]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-3664, ZDI-15-278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3665, ZDI-15-276]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3666, ZDI-15-289]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-3667]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-3668]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3669, ZDI-15-292]

computer vulnerability bulletin CVE-2014-1391 CVE-2014-4350 CVE-2014-4351

Apple QuickTime: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Apple QuickTime.
Impacted products: QuickTime.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 23/10/2014.
Identifiers: APPLE-SA-2014-10-22-1, CERTFR-2014-AVI-441, CVE-2014-1391, CVE-2014-4350, CVE-2014-4351, CVE-2014-4979, VIGILANCE-VUL-15528.

Description of the vulnerability

Several vulnerabilities were announced in Apple QuickTime.

An attacker can generate a memory corruption in RLE decompression, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-1391]

An attacker can generate a buffer overflow in the processing of MIDI files, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-4350]

An attacker can generate a buffer overflow in the code processing audio data from m4a files, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-4351]

An attacker can generate a memory corruption in the processing of MVHD file section, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-4979]

computer vulnerability alert CVE-2014-4979

Apple QuickTime: memory corruption via MVHD

Synthesis of the vulnerability

An attacker can generate a memory corruption via MVHD fields of an Apple QuickTime file, in order to trigger a denial of service, and possibly to execute code.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/07/2014.
Identifiers: CVE-2014-4979, VIGILANCE-VUL-15096, ZDI-14-264.

Description of the vulnerability

The file format for Apple QuickTime uses an MVHD atom to store videos.

However, memory is corrupted when an MVHD atom is read.

An attacker can therefore generate a memory corruption via MVHD fields of an Apple QuickTime file, in order to trigger a denial of service, and possibly to execute code.

vulnerability announce CVE-2013-1032 CVE-2014-1243 CVE-2014-1244

QuickTime: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in QuickTime.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 26/02/2014.
Identifiers: APPLE-SA-2014-02-25-3, BID-65784, BID-65786, BID-65787, CERTFR-2014-AVI-090, CVE-2013-1032, CVE-2014-1243, CVE-2014-1244, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1251, VIGILANCE-VUL-14312, ZDI-14-044, ZDI-14-045, ZDI-14-046, ZDI-14-047, ZDI-14-048, ZDI-14-049.

Description of the vulnerability

Several vulnerabilities were announced in QuickTime.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-65784, CVE-2014-1243, ZDI-14-044]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-65786, CVE-2014-1244, ZDI-14-045]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2013-1032]

An attacker can generate a buffer overflow in stsz, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1245, ZDI-14-047]

An attacker can generate a buffer overflow in ftab, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1246, ZDI-14-048]

An attacker can generate a buffer overflow in dref, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1247, ZDI-14-046]

An attacker can generate a buffer overflow in ldat, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1248]

An attacker can generate a buffer overflow in PSD, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1249]

An attacker can generate a buffer overflow in ttfo, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1250]

An attacker can generate a buffer overflow in clef, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-65787, CVE-2014-1251, ZDI-14-049]

vulnerability bulletin CVE-2013-0986 CVE-2013-0987 CVE-2013-0988

QuickTime: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to display malicious documents with QuickTime, in order to execute code on the victim's computer.
Impacted products: QuickTime.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 23/05/2013.
Identifiers: BID-60086, BID-60092, BID-60097, BID-60098, BID-60099, BID-60100, BID-60101, BID-60102, BID-60103, BID-60104, BID-60108, BID-60109, BID-60110, CERTA-2013-AVI-326, CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-1015, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1020, CVE-2013-1021, CVE-2013-1022, HT5770, VIGILANCE-VUL-12853, ZDI-13-080, ZDI-13-110, ZDI-13-111, ZDI-13-112, ZDI-13-113, ZDI-13-114, ZDI-13-115, ZDI-13-116, ZDI-13-117, ZDI-13-118, ZDI-13-119.

Description of the vulnerability

Several vulnerabilities were announced in QuickTime.

An attacker can generate a memory corruption via TeXML, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60110, CVE-2013-1015, ZDI-13-112]

An attacker can generate a buffer overflow via H.263, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60092, CVE-2013-1016, ZDI-13-117]

An attacker can generate a buffer overflow in the processing of "dref" atoms, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60097, CVE-2013-1017, ZDI-13-110]

An attacker can generate a buffer overflow via H.264, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60098, CVE-2013-1018, ZDI-13-113]

An attacker can generate a buffer overflow via MP3, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60101, CVE-2013-0989, ZDI-13-080]

An attacker can generate a buffer overflow in Sorenson, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60102, CVE-2013-1019, ZDI-13-118]

An attacker can generate a memory corruption via JPEG, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60108, CVE-2013-1020, ZDI-13-114]

An attacker can generate a memory corruption via QTIF, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60109, CVE-2013-0987]

An attacker can generate a buffer overflow via JPEG, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60103, CVE-2013-1021, ZDI-13-116]

An attacker can generate a buffer overflow in the processing of "enof" atoms, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60099, CVE-2013-0986, ZDI-13-111]

An attacker can generate a buffer overflow via FPX, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60100, CVE-2013-0988, ZDI-13-119]

An attacker can generate a buffer overflow in the processing of "mvhd" atoms, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-60104, CVE-2013-1022, ZDI-13-115]

An attacker can therefore invite the victim to display malicious documents with QuickTime, in order to execute code on the victim's computer.