Matt Jurczyk

Researcher fromTippingPoint's Zero Day Initiative
#5801of 53,632
46.5Total CVSS
Vulnerabilities · 5
High
5
PT-2011-4341
9.3
2011-10-27
Apple · Apple Quicktime · CVE-2011-3249
**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.1 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted movie file with FLC encoding. This can lead to an application crash. **Recommendations** For versions prior to 7.7.1, update to version 7.7.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of FLC encoded movie files until the update is applied.
PT-2011-2231
9.3
2011-08-08
Apple · Apple Quicktime · CVE-2011-0257
**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7 **Description** The issue is related to an integer signedness error that can be triggered by a crafted PnSize opcode in a PICT file, leading to a stack-based buffer overflow. This can result in the execution of arbitrary code or cause a denial of service, such as an application crash. **Recommendations** For Apple QuickTime versions prior to 7.7, update to version 7.7 or later to resolve the issue.
PT-2011-2223
9.3
2011-08-03
Apple · Apple Quicktime · CVE-2011-0249
**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7 **Description** The issue is related to a heap-based buffer overflow that can be triggered by crafted STSC atoms in a QuickTime movie file, allowing remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. **Recommendations** For versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted QuickTime movie files that contain malicious STSC atoms until the update is applied.
PT-2011-2224
9.3
2011-08-03
Apple · Apple Quicktime · CVE-2011-0250
**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7 **Description** The issue is related to a heap-based buffer overflow that can be triggered by crafted STSS atoms in a QuickTime movie file, allowing remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. **Recommendations** For versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted QuickTime movie files that contain malicious STSS atoms until the update is applied.
PT-2011-2225
9.3
2011-08-03
Apple · Apple Quicktime · CVE-2011-0251
**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7 **Description** The issue is related to a heap-based buffer overflow that can be triggered by crafted STSZ atoms in a QuickTime movie file, allowing remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. **Recommendations** For versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted QuickTime movie files that contain malicious STSZ atoms until the update is applied.