CVE-2007-4675
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
Un desbordamiento de búfer en la región stack de la memoria en la extensión de QuickTime VR versión 7.2.0.240 en QuickTime.qts en QuickTime de Apple anterior a versión 7.3, permite a los atacantes remotos ejecutar los códigos arbitrarios por medio de un archivo de película QTVR (Realidad Virtual de QuickTime) que contiene un campo de gran tamaño en el encabezado atom de un panorama sample atom.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-09-05 CVE Reserved
- 2007-11-06 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://blog.48bits.com/?p=176 | Third Party Advisory | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620 | Broken Link | |
| http://secunia.com/advisories/27523 | Third Party Advisory | |
| http://www.48bits.com/advisories/qt_pdat_heapbof.pdf | Third Party Advisory | |
| http://www.osvdb.org/38545 | Broken Link | |
| http://www.securityfocus.com/archive/1/483564/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26342 | Third Party Advisory | |
| http://www.securitytracker.com/id?1018894 | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA07-310A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/3723 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38282 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html | 2018-10-26 |
| URL | Date | SRC |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=306896 | 2018-10-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.9 Search vendor "Apple" for product "Mac Os X" and version "10.3.9" | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.10 Search vendor "Apple" for product "Mac Os X" and version "10.4.10" | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5 Search vendor "Apple" for product "Mac Os X" and version "10.5" | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|