{"cve": [{"lastseen": "2021-02-02T05:31:20", "description": "The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.", "edition": 4, "cvss3": {}, "published": "2007-01-30T18:28:00", "title": "CVE-2007-0588", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0588"], "modified": "2013-08-15T05:21:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.8", "cpe:/a:apple:quicktime:7.1.3"], "id": "CVE-2007-0588", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0588", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:31:20", "description": "The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.", "edition": 4, "cvss3": {}, "published": "2007-01-26T01:28:00", "title": "CVE-2007-0462", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0462"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.8", "cpe:/a:apple:quicktime:7.1.3"], "id": "CVE-2007-0462", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0462", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0588"], "description": "## Vulnerability Description\nA remote overflow exists in Mac OS X. The Quickdraw component fails to validate PICT image files resulting in a heap overflow. With a specially crafted file containing a malformed ARGB record, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 10.4.9 or higher, as it has been reported to fix this vulnerability. In addition, Apple has released a patch for some older versions.\n## Short Description\nA remote overflow exists in Mac OS X. The Quickdraw component fails to validate PICT image files resulting in a heap overflow. With a specially crafted file containing a malformed ARGB record, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=305214\nSecurity Tracker: 1017760\n[Secunia Advisory ID:24479](https://secuniaresearch.flexerasoftware.com/advisories/24479/)\nOther Advisory URL: http://security-protocols.com/sp-x43-advisory.php\nFrSIRT Advisory: ADV-2007-0930\n[CVE-2007-0588](https://vulners.com/cve/CVE-2007-0588)\nBugtraq ID: 22228\n", "edition": 1, "modified": "2007-01-24T00:00:00", "published": "2007-01-24T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:33365", "id": "OSVDB:33365", "title": "Mac OS X Quickdraw InternalUnpackBits Function DoS", "type": "osvdb", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0462"], "description": "## Vulnerability Description\nMac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when an application uses the QuickDraw component to open a specially crafted PICT file with a malformed ARGB record, and will result in loss of availability for the application.\n## Solution Description\nUpgrade to version 10.4.9 or higher, as it has been reported to fix this vulnerability. In addition, Apple has released a patch for some older versions.\n## Short Description\nMac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when an application uses the QuickDraw component to open a specially crafted PICT file with a malformed ARGB record, and will result in loss of availability for the application.\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=305214)\n[Secunia Advisory ID:23859](https://secuniaresearch.flexerasoftware.com/advisories/23859/)\nOther Advisory URL: http://security-protocols.com/sp-x43-advisory.php\nOther Advisory URL: http://projects.info-pull.com/moab/MOAB-23-01-2007.html\nISS X-Force ID: 31698\nFrSIRT Advisory: 2007-0337\n[CVE-2007-0462](https://vulners.com/cve/CVE-2007-0462)\nBugtraq ID: 22207\n", "edition": 1, "modified": "2007-01-23T05:03:48", "published": "2007-01-23T05:03:48", "href": "https://vulners.com/osvdb/OSVDB:32696", "id": "OSVDB:32696", "title": "Mac OS X QuickDraw _GetSrcBits32ARGB() Function DoS", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2020-09-18T20:42:43", "bulletinFamily": "info", "cvelist": ["CVE-2007-0588"], "description": "### Overview \n\nApple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition.\n\n### Description \n\n[PICT](<http://en.wikipedia.org/wiki/PICT>) is a graphics file format that was used by Apple Macintosh systems prior to Mac OS X as their standard metafile format. OS X systems can open and display PICT files. Apple [QuickDraw](<http://en.wikipedia.org/wiki/QuickDraw>) is a two dimensional graphics library that has been deprecated in Mac OS version 10.4. \n\nApple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code. By convincing a user to open a specially crafted PICT[](<http://en.wikipedia.org/wiki/Musical_Instrument_Digital_Interface>) file with an application that uses the QuickDraw libraries, an attacker can trigger the overflow. \n \nNote that since OS 10.4 contains limited support for QuickDraw, this vulnerability does affect recent versions of OS X. Versions of Mac prior to OS X may also be affected. \n \n--- \n \n### Impact \n\nA remote unauthenticated attacker may be able to execute arbitrary code or create a denial-of-service condition. The specially crafted PICT file used to exploit this vulnerability may be supplied on a web page, in an email for the victim to select, or by some other means designed to encourage them to process the file with a vulnerable application. \n \n--- \n \n### Solution \n\n**Upgrade** \n \nApple has published Mac OS X 10.4.9 for Mac OS X 10.4 (Tiger) systems and Security Update 2007-003 for Mac OS X 10.3 (Panther) systems in response to this issue. Users are encouraged to review Apple Support Article ID [305214](<http://docs.info.apple.com/article.html?artnum=305214>) and apply the appropriate update for their system. \n \n--- \n \n### Vendor Information\n\n396820\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Computer, Inc. __ Affected\n\nUpdated: March 14, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://docs.info.apple.com/article.html?artnum=305214> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23396820 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://docs.info.apple.com/article.html?artnum=305214>\n * <http://secunia.com/advisories/24479/>\n * <http://en.wikipedia.org/wiki/PICT>\n * <http://en.wikipedia.org/wiki/QuickDraw>\n * <http://securitytracker.com/alerts/2007/Mar/1017760.html>\n * <http://www.securityfocus.com/bid/22228>\n * [http://www.sans.org/newsletters/risk/display.php?v=6&i=5#widely6](<http://www.sans.org/newsletters/risk/display.php?v=6&i=5#widely6>)\n\n### Acknowledgements\n\nApple credits to Tom Ferris of Security-Protocols and Mike Price of McAfee AVERT Labs for reporting this issue.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-0588](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-0588>) \n---|--- \n**Severity Metric:** | 5.10 \n**Date Public:** | 2007-03-13 \n**Date First Published:** | 2007-03-14 \n**Date Last Updated: ** | 2007-03-20 16:04 UTC \n**Document Revision: ** | 15 \n", "modified": "2007-03-20T16:04:00", "published": "2007-03-14T00:00:00", "id": "VU:396820", "href": "https://www.kb.cert.org/vuls/id/396820", "type": "cert", "title": "Apple QuickDraw Manager heap buffer overflow vulnerability", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T10:28:35", "description": "Apple Mac OS X 10.4.8 QuickDraw GetSrcBits32ARGB Remote Memory Corruption Vulnerability. CVE-2007-0462. Dos exploit for osx platform", "published": "2007-01-23T00:00:00", "type": "exploitdb", "title": "Apple Mac OS X 10.4.8 - QuickDraw GetSrcBits32ARGB Remote Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0462"], "modified": "2007-01-23T00:00:00", "id": "EDB-ID:29509", "href": "https://www.exploit-db.com/exploits/29509/", "sourceData": "source: http://www.securityfocus.com/bid/22207/info\r\n\r\nMac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files.\r\n\r\nSuccessfully exploiting this issue allows remote attackers to corrupt memory and crash the affected software. Attackers may also be able to execute arbitrary machine code, but this has not been confirmed.\r\n\r\nMac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4 \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29509.pct", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/29509/"}], "nessus": [{"lastseen": "2021-04-01T03:39:04", "description": "The remote host is running a version of Mac OS X 10.4 which is older than\nversion 10.4.9 or a version of Mac OS X 10.3 which does not have \nSecurity Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog", "edition": 27, "published": "2007-03-13T00:00:00", "title": "Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0733", "CVE-2006-4829", "CVE-2007-0730", "CVE-2006-5052", "CVE-2007-0724", "CVE-2007-0463", "CVE-2006-6097", "CVE-2007-0299", "CVE-2006-5051", "CVE-2006-1517", "CVE-2006-3081", "CVE-2007-0726", "CVE-2006-4031", "CVE-2007-0723", "CVE-2006-6173", "CVE-2005-2959", "CVE-2007-0719", "CVE-2007-0267", "CVE-2007-0731", "CVE-2007-1071", "CVE-2006-0225", "CVE-2006-6062", "CVE-2007-0318", "CVE-2007-0467", "CVE-2007-0236", "CVE-2006-5679", "CVE-2006-5330", "CVE-2007-0720", "CVE-2006-6129", "CVE-2006-4226", "CVE-2006-6130", "CVE-2006-5836", "CVE-2006-3469", "CVE-2007-0588", "CVE-2006-2753", "CVE-2007-0728", "CVE-2006-6061", "CVE-2007-0229", "CVE-2007-0722", "CVE-2006-0300", "CVE-2007-0721", "CVE-2006-4924", "CVE-2006-1516"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_4_9.NASL", "href": "https://www.tenable.com/plugins/nessus/24811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(24811);\n script_version (\"1.29\");\n\n script_cve_id(\"CVE-2007-0719\", \"CVE-2007-0467\", \"CVE-2007-0720\", \n \"CVE-2007-0721\", \"CVE-2007-0722\", \"CVE-2006-6061\", \n \"CVE-2006-6062\", \"CVE-2006-5679\", \"CVE-2007-0229\", \n \"CVE-2007-0267\", \"CVE-2007-0299\", \"CVE-2007-0723\", \n \"CVE-2006-5330\", \"CVE-2006-0300\", \"CVE-2006-6097\", \n \"CVE-2007-0318\", \"CVE-2007-0724\", \"CVE-2007-1071\", \n \"CVE-2007-0733\", \"CVE-2006-5836\", \"CVE-2006-6129\", \n \"CVE-2006-6173\", \"CVE-2006-1516\", \"CVE-2006-1517\", \n \"CVE-2006-2753\", \"CVE-2006-3081\", \"CVE-2006-4031\", \n \"CVE-2006-4226\", \"CVE-2006-3469\", \"CVE-2006-6130\", \n \"CVE-2007-0236\", \"CVE-2007-0726\", \"CVE-2006-0225\", \n \"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\", \n \"CVE-2007-0728\", \"CVE-2007-0588\", \"CVE-2007-0730\", \n \"CVE-2007-0731\", \"CVE-2007-0463\", \"CVE-2005-2959\", \n \"CVE-2006-4829\");\n script_bugtraq_id(20982, 21236, 21291, 21349, 22041, 22948);\n\n script_name(english:\"Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 which is older than\nversion 10.4.9 or a version of Mac OS X 10.3 which does not have \nSecurity Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=305214\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 :\n\nhttp://www.apple.com/support/downloads/macosxserver1049updateppc.html\nhttp://www.apple.com/support/downloads/macosx1049updateintel.html\nhttp://www.apple.com/support/downloads/macosxserver1049updateuniversal.html\n\nMac OS X 10.3 : Apply Security Update 2007-003 :\n\nhttp://www.apple.com/support/downloads/securityupdate20070031039client.html\nhttp://www.apple.com/support/downloads/securityupdate20070031039server.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 119, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/03/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/03/13\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"combined\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) {\n\t os = get_kb_item(\"Host/OS\");\n\t confidence = get_kb_item(\"Host/OS/Confidence\");\n\t if ( confidence <= 90 ) exit(0);\n\t}\nif ( ! os ) exit(0);\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-8]([^0-9]|$))\", string:os)) security_hole(0);\nelse if ( ereg(pattern:\"Mac OS X 10\\.3\\.\", string:os) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?2007-003\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
