CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence: Low
EPSS
Percentile: 99.3%
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | quicktime | * | cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:* |
apple | mac_os_x | 10.3.9 | cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:* |
apple | mac_os_x | 10.4.10 | cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:* |
apple | mac_os_x | 10.5 | cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:* |
microsoft | windows_vista | - | cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:* |
microsoft | windows_xp | - | cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* |
docs.info.apple.com/article.html?artnum=306896
lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html
osvdb.org/38546
secunia.com/advisories/27523
securityreason.com/securityalert/3351
www.kb.cert.org/vuls/id/690515
www.securityfocus.com/archive/1/483311/100/0/threaded
www.securityfocus.com/archive/1/483313/100/0/threaded
www.securityfocus.com/bid/26345
www.securitytracker.com/id?1018894
www.us-cert.gov/cas/techalerts/TA07-310A.html
www.vupen.com/english/advisories/2007/3723
www.zerodayinitiative.com/advisories/ZDI-07-066.html
www.zerodayinitiative.com/advisories/ZDI-07-067.html
exchange.xforce.ibmcloud.com/vulnerabilities/38280
exchange.xforce.ibmcloud.com/vulnerabilities/38281