Lucene search

[email protected]CVE-2007-3752

HistorySep 06, 2007 - 9:17 p.m.

CVE-2007-3752

2007-09-0621:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-3752

apple itunes

heap-based buffer overflow

denial of service

nvd

mp4

aac

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.1%

JSON

Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.

CPENameOperatorVersion
apple:itunesapple itunesle7.3.2

CPE	Name	Operator	Version
apple:itunes	apple itunes	le	7.3.2

References

docs.info.apple.com/article.html?artnum=306404

lists.apple.com/archives/security-announce/2007/Sep/msg00000.html

osvdb.org/38528

secunia.com/advisories/26725

www.securityfocus.com/archive/1/478750/100/0/threaded

www.securityfocus.com/bid/25567

www.securitytracker.com/id?1018658

www.vupen.com/english/advisories/2007/3073

exchange.xforce.ibmcloud.com/vulnerabilities/36485

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17303

www.isecpartners.com/advisories/2007-005-itunes.txt

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2007-3752

prion1 nessus3