>> TAG: #xss

[APPLE]

>> Zero Day Initiative Advisory 12-109

USER: deepcore // 2012-06-29 // 0 CMT

Zero Day Initiative Advisory 12-109 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file

[APPLE]

>> Apple Security Advisory 2012-06-11-1

USER: deepcore // 2012-06-12 // 0 CMT

Apple Security Advisory 2012-06-11-1 – iTunes 10.6.3 is now available and addresses multiple issues. Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of .m3u playlists. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in WebKit.

[APPLE]

>> Zero Day Initiative Advisory 12-077

USER: deepcore // 2012-06-06 // 0 CMT

Zero Day Initiative Advisory 12-077 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QuickTimeVR.qtx component

[APPLE]

>> Zero Day Initiative Advisory 12-075

USER: deepcore // 2012-06-06 // 0 CMT

Zero Day Initiative Advisory 12-075 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec