Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4676

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-4676
Last Modified 07 Mar 2011 09:58:59
Published 07 Nov 2007 06:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4676

Summary

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

Vulnerable Systems

Application

  • Apple Quicktime 7.2


References

CERT - TA07-310A

CERT-VN - VU#690515

SECUNIA - 27523

APPLE - APPLE-SA-2007-11-05

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-067.html

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-066.html

VUPEN - ADV-2007-3723

SECTRACK - 1018894

BUGTRAQ - 20071105 ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability

BUGTRAQ - 20071105 ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability

OSVDB - 38546

CONFIRM - http://docs.info.apple.com/article.html?artnum=306896

XF - quicktime-poly-type-bo(38281)

XF - quicktime-packbitsrgn-bo(38280)

BID - 26345

SREASON - 3351

Related Patches

Apple 2007-11-05 QuickTime 7.3 for Leopard

Apple 2007-11-05 QuickTime 7.3 for Tiger (Rev 2)


Last Updated: 27 May 2016 10:45:56