{"cve": [{"lastseen": "2021-02-02T05:31:21", "description": "Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.\nThis vulnerability is addressed in the following product release:\r\nApple, QuickTime, 7.1.3", "edition": 6, "cvss3": {}, "published": "2007-05-14T21:19:00", "title": "CVE-2007-0754", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0754"], "modified": "2018-10-16T16:34:00", "cpe": ["cpe:/a:apple:quicktime:7.1.2"], "id": "CVE-2007-0754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0754", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "cvelist": ["CVE-2007-0754"], "description": "## Vulnerability Description\nA heap corruption overflow exists in Quicktime. It fails to validate Sample Table Sample Descriptor (STSD) atoms resulting in heap corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 7.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA heap corruption overflow exists in Quicktime. It fails to validate Sample Table Sample Descriptor (STSD) atoms resulting in heap corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304357\nOther Advisory URL: http://dvlabs.tippingpoint.com/advisory/TPTI-07-07\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0171.html\nISS X-Force ID: 34244\n[CVE-2007-0754](https://vulners.com/cve/CVE-2007-0754)\nBugtraq ID: 23923\n", "edition": 1, "modified": "2007-05-10T21:11:14", "published": "2007-05-10T21:11:14", "href": "https://vulners.com/osvdb/OSVDB:35574", "id": "OSVDB:35574", "title": "Apple QuickTime Movie Sample Table Sample Descriptor (STSD) Parsing Overflow", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-0754"], "description": "TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability\r\nhttp://dvlabs.tippingpoint.com/advisory/TPTI-07-07\r\nMay 10, 2007\r\n\r\n-- CVE ID:\r\nCVE-2007-0754\r\n\r\n-- Affected Vendor:\r\nApple\r\n\r\n-- Affected Products:\r\nQuickTime Player 7.x\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability since January 31, 2006 by Digital Vaccine protection\r\nfilter ID 4109. For further product information on the TippingPoint IPS:\r\n\r\n http://www.tippingpoint.com \r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows attackers to execute arbitrary code on\r\nvulnerable installations of Apple Quicktime. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the parsing of malformed Sample Table\r\nSample Descriptor (STSD) atoms. Specifying a malicious atom size can\r\nresult in an under allocated heap chunk and subsequently an exploitable\r\nheap corruption.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\n http://docs.info.apple.com/article.html?artnum=304357\r\n\r\n-- Disclosure Timeline:\r\n2006.06.16 - Vulnerability reported to vendor\r\n2006.01.31 - Digital Vaccine released to TippingPoint customers\r\n2007.05.10 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by Ganesh Devarajan,\r\nTippingPoint DVLabs.\r\n", "edition": 1, "modified": "2007-05-12T00:00:00", "published": "2007-05-12T00:00:00", "id": "SECURITYVULNS:DOC:17004", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17004", "title": "TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-02-01T05:20:40", "description": "The remote Windows host is running a version of QuickTime prior to\n7.1.3. \n\nThe remote version of QuickTime is vulnerable to various integer and\nbuffer overflows involving specially crafted image and media files. \nAn attacker may be able to leverage these issues to execute arbitrary\ncode on the remote host by sending a malformed file to a victim and\nhaving him open it using QuickTime player.", "edition": 24, "published": "2006-09-13T00:00:00", "title": "QuickTime < 7.1.3 Multiple Vulnerabilities (Windows)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4384", "CVE-2006-4386", "CVE-2007-0754", "CVE-2006-4385", "CVE-2006-4388", "CVE-2006-4389", "CVE-2006-4382", "CVE-2006-4381"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:apple:quicktime"], "id": "QUICKTIME_713.NASL", "href": "https://www.tenable.com/plugins/nessus/22336", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22336);\n script_version(\"1.21\");\n\n script_cve_id(\"CVE-2006-4381\", \"CVE-2006-4382\", \"CVE-2006-4384\", \"CVE-2006-4385\", \"CVE-2006-4386\", \n \"CVE-2006-4388\", \"CVE-2006-4389\", \"CVE-2007-0754\");\n script_bugtraq_id(19976, 23923);\n\n script_name(english:\"QuickTime < 7.1.3 Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks version of QuickTime on Windows\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote version of QuickTime is affected by multiple overflow\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of QuickTime prior to\n7.1.3. \n\nThe remote version of QuickTime is vulnerable to various integer and\nbuffer overflows involving specially crafted image and media files. \nAn attacker may be able to leverage these issues to execute arbitrary\ncode on the remote host by sending a malformed file to a victim and\nhaving him open it using QuickTime player.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=304357\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to QuickTime version 7.1.3 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/09/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/09/12\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:quicktime\");\nscript_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"quicktime_installed.nasl\");\n script_require_keys(\"SMB/QuickTime/Version\");\n exit(0);\n}\n\n\nver = get_kb_item(\"SMB/QuickTime/Version\");\nif (\n ver && \n ver =~ \"^([0-6]\\.|7\\.(0\\.|1\\.[0-2]([^0-9]|$)))\"\n) security_hole(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
