[email protected]CVE-2005-3711

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-3711

2005-12-3105:00:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2005-3711

apple quicktime

integer overflow

remote code execution

tiff image

security vulnerability

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.628 Medium

EPSS

Percentile

97.8%

JSON

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) “strips” (StripByteCounts) or (2) “bands” (StripOffsets) values.

CPENameOperatorVersion
apple:quicktimeapple quicktimeeq7.0.1
apple:quicktimeapple quicktimeeq7.0
apple:quicktimeapple quicktimeeq7.0.2
apple:quicktimeapple quicktimele7.0.3

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	eq	7.0.1
apple:quicktime	apple quicktime	eq	7.0
apple:quicktime	apple quicktime	eq	7.0.2
apple:quicktime	apple quicktime	le	7.0.3

References

archives.neohapsis.com/archives/fulldisclosure/2006-01/0442.html

docs.info.apple.com/article.html?artnum=303101

secunia.com/advisories/18370

securitytracker.com/id?1015465

www.osvdb.org/22337

www.securityfocus.com/archive/1/421799/100/0/threaded

www.securityfocus.com/archive/1/421831/100/0/threaded

www.securityfocus.com/bid/16202

www.vupen.com/english/advisories/2006/0128

exchange.xforce.ibmcloud.com/vulnerabilities/24059

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.628 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2005-3711

securityvulns2 nessus1 cert2