Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2007-4677
Last Modified: 07 Mar 2011 09:58:59
Published: 07 Nov 2007 06:46:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4677

Summary

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.

Vulnerable Systems

Application

  • Apple QuickTime 7.2


References

CERT - TA07-310A

CERT-VN - VU#445083

SECUNIA - 27523

APPLE - APPLE-SA-2007-11-05

XF - quicktime-colortable-atom-bo(38283)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-065.html

VUPEN - ADV-2007-3723

SECTRACK - 1018894

BID - 26338

BUGTRAQ - 20071105 ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability

OSVDB - 38544

SREASON - 3352

CONFIRM - http://docs.info.apple.com/article.html?artnum=306896

Related Patches

Apple 2007-11-05 QuickTime 7.3 for Leopard

Apple 2007-11-05 QuickTime 7.3 for Tiger (Rev 2)


Last Updated: 27 May 2016 10:45:56