Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.6
CVE Id CVE-2007-4672
Last Modified 07 Mar 2011 09:58:59
Published 07 Nov 2007 06:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2007-4672

Summary

Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.

Vulnerable Systems

Application

  • Apple QuickTime 7.2


References

CERT - TA07-310A

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-068.html

VUPEN - ADV-2007-3723

SECTRACK - 1018894

BUGTRAQ - 20071105 ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability

SECUNIA - 27523

OSVDB - 38547

APPLE - APPLE-SA-2007-11-05

CONFIRM - http://docs.info.apple.com/article.html?artnum=306896

XF - apple-quicktime-pict-bo(38279)

BID - 26344

SREASON - 3350

Related Patches

Apple 2007-11-05 QuickTime 7.3 for Leopard

Apple 2007-11-05 QuickTime 7.3 for Tiger (Rev 2)


Last Updated: 27 May 2016 10:45:56