Lucene search

[email protected]CVE-2007-4675

HistoryNov 07, 2007 - 11:46 p.m.

CVE-2007-4675

2007-11-0723:46:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-4675

quicktime

vr extension

buffer overflow

nvd

security vulnerability

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.602 Medium

EPSS

Percentile

97.7%

JSON

Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.3.9
apple:mac_os_xapple mac os xeq10.4.10
apple:mac_os_xapple mac os xeq10.5
microsoft:windows_vistamicrosoft windows vistaeq-
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.3.9
apple:mac_os_x	apple mac os x	eq	10.4.10
apple:mac_os_x	apple mac os x	eq	10.5
microsoft:windows_vista	microsoft windows vista	eq	-
microsoft:windows_xp	microsoft windows xp	eq	*

References

blog.48bits.com/?p=176

docs.info.apple.com/article.html?artnum=306896

labs.idefense.com/intelligence/vulnerabilities/display.php?id=620

lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html

secunia.com/advisories/27523

www.48bits.com/advisories/qt_pdat_heapbof.pdf

www.osvdb.org/38545

www.securityfocus.com/archive/1/483564/100/0/threaded

www.securityfocus.com/bid/26342

www.securitytracker.com/id?1018894

www.us-cert.gov/cas/techalerts/TA07-310A.html

www.vupen.com/english/advisories/2007/3723

exchange.xforce.ibmcloud.com/vulnerabilities/38282

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.602 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2007-4675

prion1 securityvulns2 checkpoint_advisories1 nessus2