Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4674

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4674
Last Modified 07 Mar 2011 09:58:59
Published 27 Nov 2007 03:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4674

Summary

An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.

Vulnerable Systems

Application

  • Apple Quicktime 7.2


References

CONFIRM - http://docs.info.apple.com/article.html?artnum=306896

VUPEN - ADV-2008-2735

CONFIRM - http://support.apple.com/kb/HT3189

SECUNIA - 32121

OSVDB - 43716

APPLE - APPLE-SA-2008-10-02

MISC - http://dvlabs.tippingpoint.com/advisory/TPTI-07-20

BID - 26443

BUGTRAQ - 20071114 TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability

GENTOO - GLSA-200803-08

SECUNIA - 29182


Last Updated: 27 May 2016 10:45:56