Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Home  Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). Security for Critical Infrastructure San Diego BIGIT Malaysia Cyber Intelligence Europe Romania Cyber Security Exchange Discount: SecuriTeam5_SANS Promo With Us Subjects of Interest: Vulnerability Management SQL Injection Buffer Overflows Active Network Scanning Fuzzing Fuzzer Report Network Security Network Scanner Pen Testing Security Scanner Scanner Review Fuzzer Review Web Scanner Review	Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability 11 Sep. 2009    Summary This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.   Credit: Free Website Security Scan Free Fuzzer Report Vulnerability Assessment Detect web app vulnerabilities University study comparing the top Accurate and automated scanning Get guidance from professionals. 6 commercially availble fuzzers. for networks of any size.    Details Protect your website! Free Trial, Nothing to install. No interruption of visitors. www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Apple Quicktime This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user. Patch Availability: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3859 CVE Information: CVE-2009-2799 Disclosure Timeline: 2009-07-28 - Vulnerability reported to vendor 2009-09-10 - Coordinated public release of advisory -------------------------------------------------------------------------------------------------------------------------------- Learn how website security by scanning is reducing the risk of vulnerabilities like this. -  Comments: blog comments powered by Disqus	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Oracle Webcenter Sites 11.1.1.8 Remote Code Execution Vulnerability Oracle Retail Order Broker Cloud Service 15.0 Remote Code Execution Vulnerability Oracle Peoplesoft Enterprise Peopletools 8.53 Remote Code Execution Vulnerability Oracle Mysql CPU Remote Code Execution Vulnerability Oracle Knowledge Remote Code Execution Vulnerability Oracle Glassfish Server Remote Code Execution Vulnerability Oracle E-business Suite 12.2.5 Remote Code Execution Vulnerability Oracle Advanced Collections 12.1.1 Remote Code Execution Vulnerability Microsoft Office 2010 Word Viewer Execute Code Overflow Memory Corruption Vulnerability Google Android 6.0.1 Qualcomm Bypass a restriction or similar Vulnerability Google Android 6.0.1 Overflow Bypass a restriction or similar Vulnerability Google Android 5.0.1 Gain privileges Vulnerability Apple Webkit Safari Denial Of Service Execute Code Overflow Memory corruption Vulnerability Apple Mac Os X Denial Of Service Execute Code Overflow Memory corruption Vulnerability Adobe Flash Player 18.0.0.360 Windows Execute Code Vulnerability Adobe Flash Player 11.2.202.626 Obtain Information Vulnerability Adobe Flash Player 11.2.202.626 Macintosh Execute Code Vulnerability Adobe Flash Player 11.2.202.626 Execute Code Overflow Vulnerability Adobe Acrobat 11.0.16 Execute Code Overflow Vulnerability Oracle Webcenter Sites Remote Code Execution Vulnerability  Featured Articles Microsoft Office 2010 Word Viewer Execute Code Overflow Memory Corruption Vulnerability Google Chrome WebKit Bypass a restriction or similar Vulnerability Oracle Documaker 12.5 Remote Code Execution Vulnerability Adobe Flash Player 11.2.202.626 Windows And OS X Denial Of Service Execute Code Overflow Memory Corruption Vulnerability Microsoft Office 2010 Office Web Apps Execute Code Overflow Memory Corruption Vulnerability Cisco Asr 5000 Remote Code Execution Vulnerability IBM Jazz Reporting Service 5.0 CSRF Vulnerability Adobe Acrobat Reader Dc Denial Of Service Execute Code Overflow Memory Corruption Vulnerability Microsoft Windows 10 Bypass A Restriction Obtain Information Vulnerability Cisco Threat Grid Appliance 1.0 Base Bypass a restriction Obtain Information Vulnerability Microsoft Edge JavaScript Engines Denial Of Service Execute Code Overflow Memory Corruption Vulnerability Adobe Flash Player 18.0.0.360 Execute Arbitrary Code Denial Of Service Execute Code Overflow Memory Corruption Vulnerability IBM Security Directory Server 6.3.1 Directory traversal Obtain Information Vulnerability Cisco Telepresence Video Communication Base Base Bypass a restriction or similar Vulnerability Google Chrome 51.0.2704.106 Obtain Information Vulnerability Adobe Flash Player 11.2.202.626 Denial Of Service Execute Code Overflow Memory Corruption Vulnerability Apple Mac Os X 10.11.5 Denial Of Service Execute Code Overflow Vulnerability IBM Java Sdk 6.0.15.21 Bypass restriction Vulnerability Cisco Amp Threat Grid Appliance 1.0 Base Bypass a restriction or similar Obtain Information Vulnerability Google Android Overflow Gain privileges Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®