Apple QuickTime

ソフト名：Apple QuickTime 7.x

回避策：7.7へのアップデートにて対応

脆弱性：システムアクセス, バッファオーバーフロー, ActiveXコントロールエラー

ソース：

http://www.apple.com/quicktime/

http://support.apple.com/kb/HT4826

http://secunia.com/advisories/43814/

http://secunia.com/advisories/45054/

http://secunia.com/advisories/45516/

http://dvw-j.blogspot.com/2011/03/apple-mac-os-x.html

http://dvw-j.blogspot.com/2011/06/apple-mac-os-x.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0186

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0187

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0209

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0210

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0211

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0213

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0245

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0246

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0247

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0248

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0249

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0250

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0251

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0252

CVE：CVE-2011-0186, CVE-2011-0187, CVE-2011-0209, CVE-2011-0210, CVE-2011-0211, CVE-2011-0213, CVE-2011-0245, CVE-2011-0246, CVE-2011-0247, CVE-2011-0248, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252

危険性：High Risk

Apple QuickTime, Apple Mac OS X, Apple Mac OS X Server

ソフト名：Apple QuickTime 7.6.6/7.6.8, Apple Mac OS X 10.5.8～10.6.4, Apple Mac OS X Server 10.5.8～10.6.4
回避策：Apple Security Update 2010-007または,アップデートにて対応
脆弱性：バッファオーバーフロー, リモートコード実行, XSS, 機密情報の奪取, セキュリティ制限の回避, アプリケーションのクラッシュ, DoS攻撃, メモリ破壊, 認証資格情報の奪取
ソース：http://support.apple.com/kb/HT4435
http://www.securityfocus.com/bid/44778
http://www.securityfocus.com/bid/44785
http://www.securityfocus.com/bid/44787
http://www.securityfocus.com/bid/44789
http://www.securityfocus.com/bid/44790
http://www.securityfocus.com/bid/44792
http://www.securityfocus.com/bid/44794
http://www.securityfocus.com/bid/44795
http://www.securityfocus.com/bid/44796
http://www.securityfocus.com/bid/44798
http://www.securityfocus.com/bid/44814
http://www.securityfocus.com/bid/44828
http://www.securityfocus.com/bid/44829
http://www.securityfocus.com/bid/44831
http://www.securityfocus.com/bid/44834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3798
http://secunia.com/advisories/39259
http://secunia.com/advisories/42151
http://www.vupen.com/english/advisories/2010/2958
CVE：CVE-2010-1378, CVE-2010-1803, CVE-2010-3787, CVE-2010-3788, CVE-2010-3789, CVE-2010-3790, CVE-2010-3791, CVE-2010-3792, CVE-2010-3793, CVE-2010-3794, CVE-2010-3795, CVE-2010-3796, CVE-2010-3797, CVE-2010-3798
危険性：High Risk

Apple QuickTime ActiveX control

ソフト名：Apple QuickTime ActiveX control 7.6.7 (1675)
回避策：未対応
脆弱性：リモートコード実行
ソース：http://www.apple.com/quicktime/
http://www.exploit-db.com/exploits/14843/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1818
http://secunia.com/advisories/41213
http://www.vupen.com/english/advisories/2010/2241
CVE：CVE-2010-1818
危険性：High Risk

Apple QuickTime

ソフト名：Apple QuickTime 7.6.6 - Windows
回避策：未対応
脆弱性：バッファオーバーフロー, リモートコード実行, アプリケーションのクラッシュ
ソース：http://www.apple.com/quicktime/
http://www.securityfocus.com/bid/41962
http://secunia.com/advisories/40729
危険性：High Risk

QuickTime

ソフト名：Apple QuickTime 7.0.0 - Windows～7.6.6 - Windows
回避策：アップデートにて対応
脆弱性：整数オーバーフロー, アプリケーションのクラッシュ, リモートコード実行, バッファオーバーフロー
ソース：http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
http://www.securityfocus.com/bid/39136
http://www.securityfocus.com/bid/39139
http://www.securityfocus.com/bid/39140
http://www.securityfocus.com/bid/39141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0536
CVE：CVE-2010-0527, CVE-2010-0528, CVE-2010-0529, CVE-2010-0536
危険性：High Risk

QuickTime

ソフト名：Apple QuickTime 7.0.0 - Windows～7.6.6 - Windows
回避策：アップデートにて対応
脆弱性：整数オーバーフロー, アプリケーションのクラッシュ, リモートコード実行, バッファオーバーフロー
ソース：http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
http://www.securityfocus.com/bid/39136
http://www.securityfocus.com/bid/39139
http://www.securityfocus.com/bid/39140
http://www.securityfocus.com/bid/39141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0536
CVE：CVE-2010-0527, CVE-2010-0528, CVE-2010-0529, CVE-2010-0536
危険性：High Risk