Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2007-4675
Last Modified 17 Oct 2011 12:00:00
Published 07 Nov 2007 06:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4675

Summary

Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.

Vulnerable Systems

Application

  • Apple QuickTime 7.2


References

CERT - TA07-310A

APPLE - APPLE-SA-2007-11-05

XF - quicktime-qtvr-bo(38282)

VUPEN - ADV-2007-3723

SECTRACK - 1018894

BID - 26342

BUGTRAQ - 20071110 [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow

OSVDB - 38545

MISC - http://www.48bits.com/advisories/qt_pdat_heapbof.pdf

SECUNIA - 27523

IDEFENSE - 20071105 Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability

CONFIRM - http://docs.info.apple.com/article.html?artnum=306896

MISC - http://blog.48bits.com/?p=176

Related Patches

Apple 2007-11-05 QuickTime 7.3 for Leopard

Apple 2007-11-05 QuickTime 7.3 for Tiger (Rev 2)


Last Updated: 27 May 2016 10:45:56