Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Home  Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). Network Enabled Discount: SecuriTeam5_SANS Promo With Us Subjects of Interest: Vulnerability Management SQL Injection Buffer Overflows Active Network Scanning Fuzzing Fuzzer Report Network Security Network Scanner Pen Testing Security Scanner Scanner Review Fuzzer Review Web Scanner Review	Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability 11 Sep. 2009    Summary This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.   Credit: Free Website Security Scan Free Fuzzer Report Vulnerability Assessment Detect web app vulnerabilities University study comparing the top Accurate and automated scanning Get guidance from professionals. 6 commercially availble fuzzers. for networks of any size.    Details Protect your website! Free Trial, Nothing to install. No interruption of visitors. www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Apple Quicktime This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user. Patch Availability: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3859 CVE Information: CVE-2009-2799 Disclosure Timeline: 2009-07-28 - Vulnerability reported to vendor 2009-09-10 - Coordinated public release of advisory -------------------------------------------------------------------------------------------------------------------------------- Learn how website security by scanning is reducing the risk of vulnerabilities like this. -  Comments: blog comments powered by Disqus	Related Articles Oracle Commerce Guided Search 6.5.2 Remote Code Execution Vulnerability Microsoft Windows Vista Gain privileges Obtain Information Vulnerability Microsoft Windows 10 1511 Graphics Execute Code Vulnerability Microfocus Host Access Management And Security Server 12.2 Directory traversal Vulnerability Linux Kernel 4.8.11 Denial Of Service Vulnerability IBM Security Guardium Database Activity Monitor 10.01 Remote Code Execution Vulnerability IBM Maximo Asset Management 7.5.0.0 Cross Site Scripting Vulnerability Google Android Binder Denial Of Service Vulnerability Google Android 7.1.0 Qualcomm Execute Code Vulnerability Google Android 7.0 Qualcomm Execute Code Vulnerability Cisco IOS 12.2(33)sxj9 Bypass a restriction or similar Vulnerability Adobe Reader 11.0.17 Windows Classic Denial Of Service Execute Code Overflow Memory corruption Vulnerability Adobe Acrobat Reader Dc Classic Classic Denial Of Service Execute Code Overflow Memory corruption Vulnerability Oracle Siebel Customer Order Management 16.1 Remote Code Execution Vulnerability Redhat JEnterprise Virtualization 4.0 Obtain Information Vulnerability Oracle Flexcube Private Banking 12.0.3 Remote Code Execution Vulnerability Microsoft Edge Elevation Gain privileges Vulnerability Libdwarf 2016-10-21 Denial Of Service Overflow Obtain Information Vulnerability IBM Bigfix Remote Control POST Obtain Information Vulnerability Google Android Obtain Information Vulnerability  Featured Articles IBM Security Guardium Database Activity Monitor 10.01 Remote Code Execution Vulnerability Lenovo Thinkpad 10 Ella 2 Bios Denial Of Service Vulnerability Adobe Acrobat Dc 15.017.20053 Continuous Execute Code Vulnerability Microsoft Windows 10 1607 Denial Of Service Execute Code Vulnerability IBM Sterling Secure Proxy HTTP Cross Site Scripting Obtain Information Vulnerability Cisco Nx-os 4.1.(3) Execute Code Overflow Vulnerability Adobe Acrobat Dc 15.006.30201 Continuous Classic OS Execute Code Vulnerability Microsoft Lync 2013 Bypass a restriction or similar Obtain Information Vulnerability IBM Websphere Application Server 7.0.0.0 Obtain Information CSRF Vulnerability Microsoft Windows Server 2012 R2 Execute Code Vulnerability Google Android 6.0.1 Execute Code Vulnerability Cisco Videoscape Distribution Suite Service Manager 3.0 BaseCross Site Scripting Vulnerability Oracle Hospitality Opera 5 Property Services 5.5.0.0 Remote Code Execution Vulnerability Adobe Acrobat 11.0.17 Classic Continuous Denial Of Service Execute Code Overflow Memory corruption Vulnerability IBM Forms Experience Builder 8.5.0.0 Cross Site Scripting CSRF Vulnerability Microsoft Windows Server 2012 Execute Code Overflow Memory corruption Vulnerability Cisco Firesight System Software 4.10.2 CSRF Vulnerability Adobe Acrobat Reader Dc 15.006.30201 OS Windows Denial Of Service Execute Code Overflow Memory corruption Vulnerability IBM Rational Software Architect Design Manager 6.0.2 Cross Site Scripting Vulnerability Oracle Netbeans 8.1 Gain privileges Directory traversal Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®