QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) \\\%2f and .. (dot dot) or (2) \\\%5c and .. (dot dot) in a URL.
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML docume ...
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
WebKit in Apple Safari before 5.0 or iTunes before 9.2 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.