Lucene search

[email protected]CVE-2007-0462

HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0462

2007-01-2601:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0462

apple quickdraw

quicktime

mac os x

denial of service

remote attack

arbitrary code execution

memory corruption

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.6%

JSON

The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.

CPENameOperatorVersion
apple:quicktimeapple quicktimeeq7.1.3
apple:mac_os_xapple mac os xeq10.4.8

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	eq	7.1.3
apple:mac_os_x	apple mac os x	eq	10.4.8

References

projects.info-pull.com/moab/MOAB-23-01-2007.html

secunia.com/advisories/23859

www.osvdb.org/32696

www.securityfocus.com/bid/22207

www.vupen.com/english/advisories/2007/0337

exchange.xforce.ibmcloud.com/vulnerabilities/31698

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2007-0462

prion2 checkpoint_advisories3 securityvulns1 cve1