CVE-2008-4116
- EPSS 11.62%
- Veröffentlicht 18.09.2008 15:04:27
- Zuletzt bearbeitet 16.06.2026 22:57:12
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 o...
CVE-2008-3636
- EPSS 0.42%
- Veröffentlicht 11.09.2008 01:13:10
- Zuletzt bearbeitet 16.06.2026 22:56:11
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear So...
CVE-2008-3634
- EPSS 1.64%
- Veröffentlicht 11.09.2008 01:13:09
- Zuletzt bearbeitet 16.06.2026 22:56:11
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would b...
CVE-2008-3434
- EPSS 2.62%
- Veröffentlicht 01.08.2008 14:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:49
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2007-3752
- EPSS 5.53%
- Veröffentlicht 06.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:39
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
CVE-2007-1008
- EPSS 2.14%
- Veröffentlicht 20.02.2007 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:45
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which ...
CVE-2006-1467
- EPSS 6.89%
- Veröffentlicht 29.06.2006 23:05:00
- Zuletzt bearbeitet 16.06.2026 22:22:43
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table si...
CVE-2006-1249
- EPSS 6%
- Veröffentlicht 19.03.2006 01:02:00
- Zuletzt bearbeitet 16.06.2026 22:22:18
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
CVE-2005-4092
- EPSS 8.78%
- Veröffentlicht 08.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:12
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource at...
CVE-2005-2938
- EPSS 0.39%
- Veröffentlicht 18.11.2005 06:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:56
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.