eEye Digital Security has discovered a critical vulnerability in QuickTime Player. There is a integer overflow in the way QuickTime processes fpx format files. An attacker can create a fpx file and send it to the user via email, web page, or fpx file with activex.
43adc773eca673b0b8c59d551604cc2d366d6bcdd7893a6ec67c822b737336af
eEye Security Advisory - eEye Digital Security has discovered a critical heap overflow in the Apple Quicktime player that allows for the execution of arbitrary code via a maliciously crafted GIF file. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls.
cc94c3ea3b6b057626aed1b68cf54134be69b95753dba40f5fb6627667ad207f
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. There is a stack overflow in the way QuickTime processes qtif format files. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directy overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1.
f381d5232929605ca4544156e61651d6220094f6bc738402ffb8bfa678a9c719
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way Windows uncompresses Embedded Open Type fonts that would allow the author of a malicious web page to execute arbitrary code on the system of a user who visits the site, at the privilege level of that user.
5d5df9c36634b0c7922e727101b818c6f338d4a69fd928cbba0a0a9bfd66cf07
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in RealPlayer that allows a remote attacker to reliably overwrite the heap with arbitrary data and execute arbitrary code in the context of the user under which the player is running. Systems Affected include Windows: RealPlayer 10.5 (6.0.12.1040-1235), RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8.
e3816b5f02fa98d487c0d02730d88c67c2aa3470592f50c4c4f8273fea543cea
eEye Security Advisory - eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows enhanced metafile images (file extensions EMF and WMF). An attacker could send a malicious metafile to a victim of his choice over any of a variety of media -- such as HTML e-mail, a link to a web page, a metafile-bearing Microsoft Office document, or a chat message -- in order to execute code on that user's system at the user's privilege level.
fbe0e7b4b08c26cdcbea6f41f6a2f4a4b4680d5b2050eb53b95436d4a2a12232
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows Metafile (WMF) format image files that would allow arbitrary code execution as a user who attempts to view a malicious image. An attacker could send such a metafile to a victim of his choice over any of a variety of attack vectors, including an HTML e-mail, a link to a web page, a metafile-bearing Microsoft Office document, or a chat message.
fb070c689f7c1eb6298f3b908b6d3263adc6334948806fad6400732d941dbe93
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in Macromedia Flash Player versions 6 and 7 that will allow an attacker to run arbitrary code in the context of the logged in user. An array boundary condition may be violated by a malicious SWF file in order to redirect execution into attacker-supplied data.
9fed5fc5b6f35c0a68064bb3eba38b089f2ea09373f01b1eca9cbef787d60c1f