DATABASE RESOURCES PRICING ABOUT US

{"id": "VU:396820", "vendorId": null, "type": "cert", "bulletinFamily": "info", "title": "Apple QuickDraw Manager heap buffer overflow vulnerability", "description": "### Overview\n\nApple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition.\n\n### Description\n\n[PICT](<http://en.wikipedia.org/wiki/PICT>) is a graphics file format that was used by Apple Macintosh systems prior to Mac OS X as their standard metafile format. OS X systems can open and display PICT files. Apple [QuickDraw](<http://en.wikipedia.org/wiki/QuickDraw>) is a two dimensional graphics library that has been deprecated in Mac OS version 10.4. \n\nApple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code. By convincing a user to open a specially crafted PICT[](<http://en.wikipedia.org/wiki/Musical_Instrument_Digital_Interface>) file with an application that uses the QuickDraw libraries, an attacker can trigger the overflow. \n \nNote that since OS 10.4 contains limited support for QuickDraw, this vulnerability does affect recent versions of OS X. Versions of Mac prior to OS X may also be affected. \n \n--- \n \n### Impact\n\nA remote unauthenticated attacker may be able to execute arbitrary code or create a denial-of-service condition. The specially crafted PICT file used to exploit this vulnerability may be supplied on a web page, in an email for the victim to select, or by some other means designed to encourage them to process the file with a vulnerable application. \n \n--- \n \n### Solution\n\n**Upgrade** \n \nApple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. Users are encouraged to review Apple Support Article ID [305214](<http://docs.info.apple.com/article.html?artnum=305214>) and apply the appropriate update for their system. \n \n--- \n \n### Vendor Information\n\n396820\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Computer, Inc. __ Affected\n\nUpdated: March 14, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://docs.info.apple.com/article.html?artnum=305214> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23396820 Feedback>).\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://docs.info.apple.com/article.html?artnum=305214>\n * <http://secunia.com/advisories/24479/>\n * <http://en.wikipedia.org/wiki/PICT>\n * <http://en.wikipedia.org/wiki/QuickDraw>\n * <http://securitytracker.com/alerts/2007/Mar/1017760.html>\n * <http://www.securityfocus.com/bid/22228>\n * [http://www.sans.org/newsletters/risk/display.php?v=6&amp;i=5#widely6](<http://www.sans.org/newsletters/risk/display.php?v=6&i=5#widely6>)\n\n### Acknowledgements\n\nApple credits to Tom Ferris of Security-Protocols and Mike Price of McAfee AVERT Labs for reporting this issue.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-0588](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-0588>) \n---|--- \n**Severity Metric:** | 5.10 \n**Date Public:** | 2007-03-13 \n**Date First Published:** | 2007-03-14 \n**Date Last Updated: ** | 2007-03-20 16:04 UTC \n**Document Revision: ** | 15 \n", "published": "2007-03-14T00:00:00", "modified": "2007-03-20T16:04:00", "epss": [{"cve": "CVE-2007-0588", "epss": 0.76103, "percentile": 0.97691, "modified": "2023-05-30"}], "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.kb.cert.org/vuls/id/396820", "reporter": "CERT", "references": ["http://docs.info.apple.com/article.html?artnum=305214", "http://secunia.com/advisories/24479/", "http://en.wikipedia.org/wiki/PICT", "http://en.wikipedia.org/wiki/QuickDraw", "http://securitytracker.com/alerts/2007/Mar/1017760.html", "http://www.securityfocus.com/bid/22228", "http://www.sans.org/newsletters/risk/display.php?v=6&i=5#widely6"], "cvelist": ["CVE-2007-0588"], "immutableFields": [], "lastseen": "2023-05-31T14:41:36", "viewCount": 18, "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0588"]}, {"type": "nessus", "idList": ["MACOSX_10_4_9.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7102"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-0588"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2007-0588", "epss": 0.771, "percentile": 0.97695, "modified": "2023-05-06"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1685545692, "score": 1685544181, "epss": 0}, "_internal": {"score_hash": "15f54282c5603bc7285ee3f4dc1f37c5"}}

{"securityvulns": [{"lastseen": "2021-06-08T19:03:06", "description": "Memory corruption on maleformed PICT image ARGB record.", "cvss3": {}, "published": "2007-01-24T00:00:00", "type": "securityvulns", "title": "Apple QuickDraw libraries memory corruption", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0462", "CVE-2007-0588"], "modified": "2007-01-24T00:00:00", "id": "SECURITYVULNS:VULN:7102", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7102", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2023-09-28T18:30:10", "description": "The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.", "cvss3": {}, "published": "2007-01-30T18:28:00", "type": "cve", "title": "CVE-2007-0588", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0462", "CVE-2007-0588"], "modified": "2013-08-15T05:21:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.8", "cpe:/a:apple:quicktime:7.1.3"], "id": "CVE-2007-0588", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0588", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-05-18T14:58:45", "description": "The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog", "cvss3": {}, "published": "2007-03-13T00:00:00", "type": "nessus", "title": "Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2959", "CVE-2006-0225", "CVE-2006-0300", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-3469", "CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4829", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5330", "CVE-2006-5679", "CVE-2006-5836", "CVE-2006-6061", "CVE-2006-6062", "CVE-2006-6097", "CVE-2006-6129", "CVE-2006-6130", "CVE-2006-6173", "CVE-2007-0229", "CVE-2007-0236", "CVE-2007-0267", "CVE-2007-0299", "CVE-2007-0318", "CVE-2007-0463", "CVE-2007-0467", "CVE-2007-0588", "CVE-2007-0719", "CVE-2007-0720", "CVE-2007-0721", "CVE-2007-0722", "CVE-2007-0723", "CVE-2007-0724", "CVE-2007-0726", "CVE-2007-0728", "CVE-2007-0730", "CVE-2007-0731", "CVE-2007-0733", "CVE-2007-1071"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_4_9.NASL", "href": "https://www.tenable.com/plugins/nessus/24811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(24811);\n script_version (\"1.29\");\n\n script_cve_id(\"CVE-2007-0719\", \"CVE-2007-0467\", \"CVE-2007-0720\", \n \"CVE-2007-0721\", \"CVE-2007-0722\", \"CVE-2006-6061\", \n \"CVE-2006-6062\", \"CVE-2006-5679\", \"CVE-2007-0229\", \n \"CVE-2007-0267\", \"CVE-2007-0299\", \"CVE-2007-0723\", \n \"CVE-2006-5330\", \"CVE-2006-0300\", \"CVE-2006-6097\", \n \"CVE-2007-0318\", \"CVE-2007-0724\", \"CVE-2007-1071\", \n \"CVE-2007-0733\", \"CVE-2006-5836\", \"CVE-2006-6129\", \n \"CVE-2006-6173\", \"CVE-2006-1516\", \"CVE-2006-1517\", \n \"CVE-2006-2753\", \"CVE-2006-3081\", \"CVE-2006-4031\", \n \"CVE-2006-4226\", \"CVE-2006-3469\", \"CVE-2006-6130\", \n \"CVE-2007-0236\", \"CVE-2007-0726\", \"CVE-2006-0225\", \n \"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\", \n \"CVE-2007-0728\", \"CVE-2007-0588\", \"CVE-2007-0730\", \n \"CVE-2007-0731\", \"CVE-2007-0463\", \"CVE-2005-2959\", \n \"CVE-2006-4829\");\n script_bugtraq_id(20982, 21236, 21291, 21349, 22041, 22948);\n\n script_name(english:\"Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 which is older than\nversion 10.4.9 or a version of Mac OS X 10.3 which does not have \nSecurity Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=305214\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 :\n\nhttp://www.apple.com/support/downloads/macosxserver1049updateppc.html\nhttp://www.apple.com/support/downloads/macosx1049updateintel.html\nhttp://www.apple.com/support/downloads/macosxserver1049updateuniversal.html\n\nMac OS X 10.3 : Apply Security Update 2007-003 :\n\nhttp://www.apple.com/support/downloads/securityupdate20070031039client.html\nhttp://www.apple.com/support/downloads/securityupdate20070031039server.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 119, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/03/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/03/13\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"combined\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) {\n\t os = get_kb_item(\"Host/OS\");\n\t confidence = get_kb_item(\"Host/OS/Confidence\");\n\t if ( confidence <= 90 ) exit(0);\n\t}\nif ( ! os ) exit(0);\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-8]([^0-9]|$))\", string:os)) security_hole(0);\nelse if ( ereg(pattern:\"Mac OS X 10\\.3\\.\", string:os) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?2007-003\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}