Monthly Archive: May 2012

Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000...

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Date published :...

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Date published :...

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie...

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. Date published...

Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no...

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting...

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash)...

Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows...

The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. Date published : 2012-05-10 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://www.securityfocus.com/bid/53445

Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Date published : 2012-05-10 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html...

Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. Date published : 2012-05-09 http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c2a2ad133eb9d42361804a568dee336992349a5e http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.8.3

Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors. Date published : 2012-05-09 http://www.securityfocus.com/bid/53415 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03312417

Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2012-05-09 http://www.securityfocus.com/bid/53415 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03312417