[email protected]CVE-2006-1453

HistoryMay 12, 2006 - 8:06 p.m.

CVE-2006-1453

2006-05-1220:06:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2006-1453

apple quicktime

buffer overflow

remote code execution

quickdraw pict

font information

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.4%

JSON

Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information.

CPENameOperatorVersion
apple:quicktimeapple quicktimeeq6.5.1
apple:quicktimeapple quicktimeeq6.1.0
apple:quicktimeapple quicktimeeq6.0.1
apple:quicktimeapple quicktimeeq6.2.0
apple:quicktimeapple quicktimeeq5.0
apple:quicktimeapple quicktimeeq7.0.3
apple:quicktimeapple quicktimeeq6.1.1
apple:quicktimeapple quicktimeeq7.0.1
apple:quicktimeapple quicktimeeq7.0
apple:quicktimeapple quicktimeeq4.1.2

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	eq	6.5.1
apple:quicktime	apple quicktime	eq	6.1.0
apple:quicktime	apple quicktime	eq	6.0.1
apple:quicktime	apple quicktime	eq	6.2.0
apple:quicktime	apple quicktime	eq	5.0
apple:quicktime	apple quicktime	eq	7.0.3
apple:quicktime	apple quicktime	eq	6.1.1
apple:quicktime	apple quicktime	eq	7.0.1
apple:quicktime	apple quicktime	eq	7.0
apple:quicktime	apple quicktime	eq	4.1.2

Rows per page:

1-10 of 231

References

lists.apple.com/archives/security-announce/2006/May/msg00002.html

lists.apple.com/archives/security-announce/2006/May/msg00003.html

secunia.com/advisories/20069

secunia.com/advisories/20077

securityreason.com/securityalert/887

securitytracker.com/id?1016067

securitytracker.com/id?1016075

www.securityfocus.com/archive/1/433831/100/0/threaded

www.securityfocus.com/bid/17951

www.securityfocus.com/bid/17953

www.us-cert.gov/cas/techalerts/TA06-132A.html

www.us-cert.gov/cas/techalerts/TA06-132B.html

www.vupen.com/english/advisories/2006/1778

www.vupen.com/english/advisories/2006/1779

exchange.xforce.ibmcloud.com/vulnerabilities/26400

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2006-1453

prion1 securityvulns1 nessus3