Tom Gallagher

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.9.5 QuickTime (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted movie file with RLE encoding. **Recommendations** For Apple OS X versions prior to 10.9.5, update to version 10.9.5 or later to resolve the issue. For QuickTime, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess versions prior to 7.2 **Description** The issue concerns SQL injection vulnerabilities in the DBVisitor.dll component of Advantech WebAccess. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. **Recommendations** For versions prior to 7.2, update to version 7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.5 **Description** The issue is related to the lack of initialization of an unspecified pointer, which can be exploited by remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. This can be achieved through a crafted track list in a movie file. **Recommendations** For Apple QuickTime versions prior to 7.7.5, update to version 7.7.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of movie files from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.5 **Description** The issue is related to an integer signedness error that can be triggered by a crafted stsz atom in a movie file, allowing remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. **Recommendations** For versions prior to 7.7.5, update to version 7.7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.5 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted dref atom in a movie file. **Recommendations** For versions prior to 7.7.5, update to version 7.7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted movie file with H.263 encoding. This is related to a buffer overflow in the H.263 parsing component. **Recommendations** For versions prior to 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of H.263 encoded movie files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via crafted enof atoms in a movie file. **Recommendations** For versions prior to 7.7.4, update to version 7.7.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via crafted dref atoms in a movie file. This is related to buffer overflow in the parsing of dref volume names. **Recommendations** For versions prior to 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted movie files that could trigger the buffer overflow until a patch is applied. Restrict access to potentially malicious movie files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.4 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted movie file with Sorenson encoding. This can lead to an application crash. **Recommendations** For versions prior to 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Sorenson encoded movie files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.2 **Description** The issue is related to an integer overflow in Apple QuickTime, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted sean atom in a movie file. **Recommendations** For versions prior to 7.7.2, update to version 7.7.2 or later to resolve the issue.