CVE-2007-4674
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
Un error de "aritmética de enteros" en Apple QuickTime 7.2 permite a atacantes remotos ejecutar código de su elección mediante un archivo de película manipulado que contiene un átomo de película (atom movie) con un valor de tamaño grande, lo cual dispara un desbordamiento de búfer basado en pila.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-09-05 CVE Reserved
- 2007-11-15 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://dvlabs.tippingpoint.com/advisory/TPTI-07-20 | X_refsource_misc | |
| http://osvdb.org/43716 | Vdb Entry | |
| http://secunia.com/advisories/29182 | Third Party Advisory | |
| http://secunia.com/advisories/32121 | Third Party Advisory | |
| http://support.apple.com/kb/HT3189 | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/483717/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26443 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2735 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=306896 | 2018-10-15 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html | 2018-10-15 | |
| http://security.gentoo.org/glsa/glsa-200803-08.xml | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.2 Search vendor "Apple" for product "Quicktime" and version "7.2" | _mac_os_x_v10.3.9 |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.2 Search vendor "Apple" for product "Quicktime" and version "7.2" | _mac_os_x_v10.4.9 |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.2 Search vendor "Apple" for product "Quicktime" and version "7.2" | _mac_os_x_v10.5 |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.2 Search vendor "Apple" for product "Quicktime" and version "7.2" | windows_vista |
Affected
| ||||||
| Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | 7.2 Search vendor "Apple" for product "Quicktime" and version "7.2" | windows_xp_sp2 |
Affected
| ||||||