CVE-2007-4676
Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
Desbordamiento de búfer basado en montículo en Apple QuickTime anterior a 7.3 permite a atacantes remotos ejecutar código de su elección mediante elementos mal formados cuando se analizan los códigos de operación (opcodes) (1)Poly type (0x0070 hasta 0x0074) y (2) PackBitsRgn field (0x0099)en una imagen PICT.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exist in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure heap corruption occurs. If properly constructed this can lead to code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-09-05 CVE Reserved
- 2007-11-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/38546 | Broken Link | |
| http://secunia.com/advisories/27523 | Third Party Advisory | |
| http://securityreason.com/securityalert/3351 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/690515 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/483311/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/483313/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26345 | Third Party Advisory | |
| http://www.securitytracker.com/id?1018894 | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA07-310A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/3723 | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-066.html | Third Party Advisory |
|
| http://www.zerodayinitiative.com/advisories/ZDI-07-067.html | Third Party Advisory |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38280 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38281 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=306896 | 2018-10-26 | |
| http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html | 2018-10-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.9 Search vendor "Apple" for product "Mac Os X" and version "10.3.9" | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.10 Search vendor "Apple" for product "Mac Os X" and version "10.4.10" | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5 Search vendor "Apple" for product "Mac Os X" and version "10.5" | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | - |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2 |
Affected
| in | Apple Search vendor "Apple" | Quicktime Search vendor "Apple" for product "Quicktime" | < 7.3 Search vendor "Apple" for product "Quicktime" and version " < 7.3" | - |
Safe
|