CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.8%
Added: 11/19/2007
CVE: CVE-2007-4672
BID: 26344
OSVDB: 38547
QuickTime is a media player for Windows and Mac OS platforms.
A buffer overflow vulnerability in QuickTime allows command execution when a user opens a specially crafted PICT image containing an invalid UncompressedQuickTimeData opcode length.
Upgrade to QuickTime 7.3.
<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
<http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html>
Exploit works on QuickTime 7.2 and requires a user to download and open a PCT file.
Windows