Search criteria
1091 vulnerabilities found for quicktime by apple
VAR-200512-0643
Vulnerability from variot - Updated: 2024-07-23 22:24Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple's QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file. A successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application. This issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed. This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). Quicktime will copy to the stack byte by byte when processing the data field of the qtif format file, but it does not perform the correct check, so it will cause a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn't crash before overflowing 0x44 to 0x08, and the code will execute. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.
I. (CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0643",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.8,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "CERT/CC",
"id": "VU#687201"
},
{
"db": "BID",
"id": "16852"
},
{
"db": "BID",
"id": "16212"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-952"
},
{
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Varun UppaleEye info@eEye.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-952"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-13549",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2340",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#921193",
"trust": 0.8,
"value": "43.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#629845",
"trust": 0.8,
"value": "18.23"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#115729",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#150753",
"trust": 0.8,
"value": "32.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#913449",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#687201",
"trust": 0.8,
"value": "16.40"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-952",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-13549",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "CERT/CC",
"id": "VU#687201"
},
{
"db": "VULHUB",
"id": "VHN-13549"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-952"
},
{
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. QuickTime is prone to a remote heap-based overflow vulnerability. \nThis issue presents itself when the application processes a specially crafted QTIF (QuickTime Image) file. \nA successful attack can result in a remote compromise. Apple QuickTime is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before copying it to finite-sized process buffers. Unsuccessful exploit attempts will most likely crash the application. \nThis issue affects QuickTime 6.5.2 and 7.0.3; other versions may also be vulnerable. QuickTime 7.0.4 may also be vulnerable, but this has not been confirmed. \nThis issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities). Quicktime will copy to the stack byte by byte when processing the data field of the qtif format file, but it does not perform the correct check, so it will cause a stack overflow in memory. The original function pointer value is 0x44332211. Just overflow it to 0x08332211 and make sure it doesn\u0027t crash before overflowing 0x44 to 0x08, and the code will execute. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n \n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n Original release date: January 11, 2006\n Last revised: January 11, 2006\n Source: US-CERT\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n * Microsoft Windows XP\n * Microsoft Windows 2000\n\n\nOverview\n\n Apple has released QuickTime 7.0.4 to correct multiple\n vulnerabilities. The impacts of these vulnerabilities include\n execution of arbitrary code and denial of service. \n\n\nI. \n (CAN-2005-3713)\n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. Potential\n consequences include remote execution of arbitrary code or commands\n and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n * US-CERT Vulnerability Note VU#629845 -\n \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n * US-CERT Vulnerability Note VU#921193 -\n \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n * US-CERT Vulnerability Note VU#115729 -\n \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n * US-CERT Vulnerability Note VU#150753 -\n \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n * US-CERT Vulnerability Note VU#913449 -\n \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n * CVE-2005-2340 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n * CVE-2005-4092 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n * CVE-2005-3707 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n * CVE-2005-3710 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n * CVE-2005-3713 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n * Security Content for QuickTime 7.0.4 -\n \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n * QuickTime 7.0.4 -\n \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n * About the Mac OS X 10.4.4 Update (Delta) -\n \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2340"
},
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "CERT/CC",
"id": "VU#687201"
},
{
"db": "BID",
"id": "16852"
},
{
"db": "BID",
"id": "16212"
},
{
"db": "VULHUB",
"id": "VHN-13549"
},
{
"db": "PACKETSTORM",
"id": "43062"
}
],
"trust": 5.94
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-13549",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13549"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "18370",
"trust": 5.7
},
{
"db": "CERT/CC",
"id": "VU#629845",
"trust": 2.6
},
{
"db": "BID",
"id": "16202",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#687201",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2005-2340",
"trust": 2.5
},
{
"db": "BID",
"id": "16212",
"trust": 2.0
},
{
"db": "USCERT",
"id": "TA06-011A",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "22334",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22335",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22333",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015463",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0128",
"trust": 1.7
},
{
"db": "SREASON",
"id": "332",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015466",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#921193",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#115729",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#150753",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#913449",
"trust": 0.9
},
{
"db": "OSVDB",
"id": "22337",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-952",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA06-011A",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060111 [CIRT.DK] APPLE QUICKTIME 7.0.3 AND EARLIER - JPG/PICT BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060111 [EEYEB-20051220] APPLE QUICKTIME QTIF STACK OVERFLOW",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8392",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8395",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8395\u203b8392\u203b8394\u203b8393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8394",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-01-10",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060111 [EEYEB-20051220] APPLE QUICKTIME QTIF STACK OVERFLOW",
"trust": 0.6
},
{
"db": "XF",
"id": "24054",
"trust": 0.6
},
{
"db": "BID",
"id": "16852",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "43054",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "27069",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-80689",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-13549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43062",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "CERT/CC",
"id": "VU#687201"
},
{
"db": "VULHUB",
"id": "VHN-13549"
},
{
"db": "BID",
"id": "16852"
},
{
"db": "BID",
"id": "16212"
},
{
"db": "PACKETSTORM",
"id": "43054"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-952"
},
{
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"id": "VAR-200512-0643",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13549"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:24:53.371000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13549"
},
{
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.7,
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"trust": 4.0,
"url": "http://secunia.com/advisories/18370/"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/16202"
},
{
"trust": 2.0,
"url": "http://www.cirt.dk/advisories/cirt-41-advisory.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16212"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/629845"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/687201"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0392.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0398.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22333"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22334"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22335"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015463"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18370"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/332"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/alerts/2006/jan/1015466.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421566/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24054"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111a.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111d.html"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111b.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/ref/refimporter.4.htm"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24054"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0128"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421566/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/8395\u203b8392\u203b8394\u203b8393"
},
{
"trust": 0.3,
"url": "/archive/1/421561"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/913449\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/629845\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=302810\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/115729\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime704.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/921193\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/150753\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=303101\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "CERT/CC",
"id": "VU#687201"
},
{
"db": "VULHUB",
"id": "VHN-13549"
},
{
"db": "BID",
"id": "16852"
},
{
"db": "BID",
"id": "16212"
},
{
"db": "PACKETSTORM",
"id": "43054"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-952"
},
{
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "CERT/CC",
"id": "VU#687201"
},
{
"db": "VULHUB",
"id": "VHN-13549"
},
{
"db": "BID",
"id": "16852"
},
{
"db": "BID",
"id": "16212"
},
{
"db": "PACKETSTORM",
"id": "43054"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-952"
},
{
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#687201"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-13549"
},
{
"date": "2006-01-10T00:00:00",
"db": "BID",
"id": "16852"
},
{
"date": "2006-01-11T00:00:00",
"db": "BID",
"id": "16212"
},
{
"date": "2006-01-15T15:22:47",
"db": "PACKETSTORM",
"id": "43054"
},
{
"date": "2006-01-15T15:39:24",
"db": "PACKETSTORM",
"id": "43062"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-952"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2006-01-20T00:00:00",
"db": "CERT/CC",
"id": "VU#687201"
},
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-13549"
},
{
"date": "2015-05-12T19:49:00",
"db": "BID",
"id": "16852"
},
{
"date": "2007-11-15T00:35:00",
"db": "BID",
"id": "16212"
},
{
"date": "2006-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-952"
},
{
"date": "2018-10-19T15:32:44.720000",
"db": "NVD",
"id": "CVE-2005-2340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "16852"
},
{
"db": "BID",
"id": "16212"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle corrupt media files",
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "16852"
},
{
"db": "BID",
"id": "16212"
}
],
"trust": 0.6
}
}
VAR-200512-0300
Vulnerability from variot - Updated: 2024-07-23 22:24Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted GIF image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable.
This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls. The heap can be overwritten in the Picture Modifier block.
The block size calculate code such as:
.text:66A339CC mov ax, [esi+0Ch]
.text:66A339D0 xor ecx, ecx
.text:66A339D2 mov [esp+34h+var_28], ecx
.text:66A339D6 mov [esp+34h+var_24], ecx
.text:66A339DA mov [esp+34h+var_20], ecx
.text:66A339DE mov [esp+34h+var_1C], ecx
.text:66A339E2 mov word ptr [esp+34h+var_10], cx
.text:66A339E7 mov [esp+34h+arg_4], eax
.text:66A339EB movsx eax, ax
.text:66A339EE mov word ptr [esp+34h+var_10+2], cx
.text:66A339F3 mov cx, [esi+8]
.text:66A339F7 movsx edx, cx
.text:66A339FA sub eax, edx
.text:66A339FC movsx edx, word ptr [esi+6]
.text:66A33A00 add eax, 3Eh
.text:66A33A03 push edi
.text:66A33A04 movsx edi, word ptr [esi+0Ah]
.text:66A33A08 sar eax, 3
.text:66A33A0B lea ebx, [esi+6]
.text:66A33A0E and eax, 0FFFFFFFCh
.text:66A33A11 sub edi, edx
.text:66A33A13 movsx edx, ax
.text:66A33A16 mov [esi+4], ax
.text:66A33A1A imul edi, edx
The allocate code is : .text:66A33A68 push edi .text:66A33A69 call sub_668B5B30
But when it real process data to this memory, it use real decode data to write this memory but didn\xa1\xaft check this heap size. This is segment of the write code function(sub_66AE0A70): .text:66AE0B18 movsx edx, word ptr [edi+12h] ; default .text:66AE0B1C imul edx, [edi+0Ch] .text:66AE0B20 mov ecx, [edi+4] .text:66AE0B23 inc word ptr [edi+16h] .text:66AE0B27 mov eax, [esp+arg_0] .text:66AE0B2B add edx, ecx .text:66AE0B2D mov [eax], edx .text:66AE0B2F mov eax, [ebp+10h] .text:66AE0B32 test eax, eax .text:66AE0B34 jz short loc_66AE0B62 .text:66AE0B36 mov ax, [ebp+1Ch] .text:66AE0B3A mov edx, [ebp+0Ch] .text:66AE0B3D movzx cx, ah .text:66AE0B41 mov ch, al .text:66AE0B43 mov [edx], cx .text:66AE0B46 movsx eax, word ptr [edi+12h] .text:66AE0B4A imul eax, [ebp+14h] .text:66AE0B4E add eax, [ebp+10h] .text:66AE0B51 mov cx, [ebp+18h] .text:66AE0B55 mov [ebp+0Ch], eax .text:66AE0B58 mov [ebp+1Ah], cx .text:66AE0B5C mov word ptr [ebp+1Ch], 0
Vendor Status: Apple has released a patch for this vulnerability. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directy overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1.
Technical Details: When Quicktime processes the data field of a qtif format file, it will copy it to the stack by a byte to a byte , but there is no proper checking, so it will cause a stack overflow in memory. And in this stack, there is a function pointer which will be used immediately when it pre byte copies, so we can use it to bypass any stack overflow protection, such in xp sp2 and 2003 sp1.
The origin function point value is 0x44332211. We only need to overflow it to : 0x08332211, ensuring it didn't cause a crash before the 0x44 has been overflowed to 0x08. When it overflows to 0x08332211, we can execute code to 0x08332211, and can first use javascript to get this memory and set my code in it.
call [esp+138h+arg_4] <- call a function point in the stack, but this point can be overflowed
References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html
Protection: Retina Network Security Scanner has been updated to identify this vulnerability.
Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-2340.
Credit: Discovery: Fang Xing
Greetings: Thanks to all the guys at eEye, and especially Karl Lynn's help.
Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.
Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.
I. Description
Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0300",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "BID",
"id": "16864"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
},
{
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eEye info@eEye.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
}
],
"trust": 0.6
},
"cve": "CVE-2005-3713",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14921",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-3713",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#921193",
"trust": 0.8,
"value": "43.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#629845",
"trust": 0.8,
"value": "18.23"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#115729",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#150753",
"trust": 0.8,
"value": "32.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#913449",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-862",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14921",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14921"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
},
{
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime\u0027s handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote heap-based overflow vulnerability. \nThis issue presents itself when the application processes a specially crafted GIF image file. \nA successful attack can result in a remote compromise. \nVersions prior to QuickTime 7.0.4 are vulnerable. \n\nThis flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls. The heap can be overwritten in the Picture Modifier block. \nThe block size calculate code such as:\n.text:66A339CC mov ax, [esi+0Ch]\n.text:66A339D0 xor ecx, ecx\n.text:66A339D2 mov [esp+34h+var_28], ecx\n.text:66A339D6 mov [esp+34h+var_24], ecx\n.text:66A339DA mov [esp+34h+var_20], ecx\n.text:66A339DE mov [esp+34h+var_1C], ecx\n.text:66A339E2 mov word ptr [esp+34h+var_10], cx\n.text:66A339E7 mov [esp+34h+arg_4], eax\n.text:66A339EB movsx eax, ax\n.text:66A339EE mov word ptr [esp+34h+var_10+2], cx\n.text:66A339F3 mov cx, [esi+8]\n.text:66A339F7 movsx edx, cx\n.text:66A339FA sub eax, edx\n.text:66A339FC movsx edx, word ptr [esi+6]\n.text:66A33A00 add eax, 3Eh\n.text:66A33A03 push edi\n.text:66A33A04 movsx edi, word ptr [esi+0Ah]\n.text:66A33A08 sar eax, 3\n.text:66A33A0B lea ebx, [esi+6]\n.text:66A33A0E and eax, 0FFFFFFFCh\n.text:66A33A11 sub edi, edx\n.text:66A33A13 movsx edx, ax\n.text:66A33A16 mov [esi+4], ax\n.text:66A33A1A imul edi, edx\n\nThe allocate code is :\n.text:66A33A68 push edi\n.text:66A33A69 call sub_668B5B30\n\n\nBut when it real process data to this memory, it use real decode data to write this memory \nbut didn\\xa1\\xaft check this heap size. This is segment of the write code function(sub_66AE0A70):\n.text:66AE0B18 movsx edx, word ptr [edi+12h] ; default\n.text:66AE0B1C imul edx, [edi+0Ch]\n.text:66AE0B20 mov ecx, [edi+4]\n.text:66AE0B23 inc word ptr [edi+16h]\n.text:66AE0B27 mov eax, [esp+arg_0]\n.text:66AE0B2B add edx, ecx\n.text:66AE0B2D mov [eax], edx\n.text:66AE0B2F mov eax, [ebp+10h]\n.text:66AE0B32 test eax, eax\n.text:66AE0B34 jz short loc_66AE0B62\n.text:66AE0B36 mov ax, [ebp+1Ch]\n.text:66AE0B3A mov edx, [ebp+0Ch]\n.text:66AE0B3D movzx cx, ah\n.text:66AE0B41 mov ch, al\n.text:66AE0B43 mov [edx], cx\n.text:66AE0B46 movsx eax, word ptr [edi+12h]\n.text:66AE0B4A imul eax, [ebp+14h]\n.text:66AE0B4E add eax, [ebp+10h]\n.text:66AE0B51 mov cx, [ebp+18h]\n.text:66AE0B55 mov [ebp+0Ch], eax\n.text:66AE0B58 mov [ebp+1Ah], cx\n.text:66AE0B5C mov word ptr [ebp+1Ch], 0\n\n\n\n\nVendor Status:\nApple has released a patch for this vulnerability. An attacker can create a qtif file and send\nit to the user via email, web page, or qtif file with activex and can\ndirecty overflow a function pointer immediately used so it can bypass\nany stack overflow protection in systems such as xp sp2 and 2003 sp1. \n\nTechnical Details:\nWhen Quicktime processes the data field of a qtif format file, it will\ncopy it to the stack by a byte to a byte , but there is no proper\nchecking, so it will cause a stack overflow in memory. And in this\nstack, there is a function pointer which will be used immediately when\nit pre byte copies, so we can use it to bypass any stack overflow\nprotection, such in xp sp2 and 2003 sp1. \n\nThe origin function point value is 0x44332211. We only need to overflow\nit to : 0x08332211, ensuring it didn\u0027t cause a crash before the 0x44 has\nbeen overflowed to 0x08. When it overflows to 0x08332211, we can\nexecute code to 0x08332211, and can first use javascript to get this\nmemory and set my code in it. \n\ncall [esp+138h+arg_4] \u003c- call a function point in the stack, but this\npoint can be overflowed\n\n\nReferences\nQuickTime: QuickTime File Format\nhttp://developer.apple.com/documentation/QuickTime/QTFF/index.html\n\nProtection:\nRetina Network Security Scanner has been updated to identify this\nvulnerability. \n\nVendor Status:\nApple has released a patch for this vulnerability. The patch is\navailable via the Updates section of the affected applications. \nThis vulnerability has been assigned the CVE identifier CVE-2005-2340. \n\nCredit:\nDiscovery: Fang Xing\n\nGreetings:\nThanks to all the guys at eEye, and especially Karl Lynn\u0027s help. \n\nCopyright (c) 1998-2006 eEye Digital Security\nPermission is hereby granted for the redistribution of this alert\nelectronically. It is not to be edited in any way without express\nconsent of eEye. If you wish to reprint the whole or any part of this\nalert in any other medium excluding electronic medium, please email\nalert@eEye.com for permission. \n\nDisclaimer\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare no warranties, implied or express, with regard to this information. \nIn no event shall the author be liable for any direct or indirect\ndamages whatsoever arising out of or in connection with the use or\nspread of this information. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n \n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n Original release date: January 11, 2006\n Last revised: January 11, 2006\n Source: US-CERT\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n * Microsoft Windows XP\n * Microsoft Windows 2000\n\n\nOverview\n\n Apple has released QuickTime 7.0.4 to correct multiple\n vulnerabilities. The impacts of these vulnerabilities include\n execution of arbitrary code and denial of service. \n\n\nI. Description\n\n Apple QuickTime 7.0.4 resolves a number of image and media file\n handling vulnerabilities. \n (CAN-2005-3713)\n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. Potential\n consequences include remote execution of arbitrary code or commands\n and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n * US-CERT Vulnerability Note VU#629845 -\n \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n * US-CERT Vulnerability Note VU#921193 -\n \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n * US-CERT Vulnerability Note VU#115729 -\n \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n * US-CERT Vulnerability Note VU#150753 -\n \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n * US-CERT Vulnerability Note VU#913449 -\n \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n * CVE-2005-2340 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n * CVE-2005-4092 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n * CVE-2005-3707 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n * CVE-2005-3710 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n * CVE-2005-3713 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n * Security Content for QuickTime 7.0.4 -\n \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n * QuickTime 7.0.4 -\n \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n * About the Mac OS X 10.4.4 Update (Delta) -\n \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3713"
},
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "BID",
"id": "16864"
},
{
"db": "VULHUB",
"id": "VHN-14921"
},
{
"db": "PACKETSTORM",
"id": "43060"
},
{
"db": "PACKETSTORM",
"id": "43057"
},
{
"db": "PACKETSTORM",
"id": "43062"
}
],
"trust": 5.85
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-14921",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14921"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "18370",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#913449",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2005-3713",
"trust": 3.1
},
{
"db": "USCERT",
"id": "TA06-011A",
"trust": 2.6
},
{
"db": "BID",
"id": "16202",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1015466",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#921193",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#629845",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#115729",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#150753",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0128",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22338",
"trust": 1.7
},
{
"db": "SREASON",
"id": "333",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22337",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-862",
"trust": 0.7
},
{
"db": "XF",
"id": "24060",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-011A",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8392",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8395",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8394\u203b8395\u203b8392\u203b8393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8394",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060111 [EEYEB-20051031] APPLE QUICKTIME MALFORMED GIF HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-01-10",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060111 [EEYEB-20051031] APPLE QUICKTIME MALFORMED GIF HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "BID",
"id": "16864",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "43057",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "43060",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-14921",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43062",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14921"
},
{
"db": "BID",
"id": "16864"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43060"
},
{
"db": "PACKETSTORM",
"id": "43057"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
},
{
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"id": "VAR-200512-0300",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14921"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:24:53.297000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download the Standalone QuickTime Player",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/standalone.html"
},
{
"title": "TA23845",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta23845?viewlocale=ja_jp"
},
{
"title": "TA06-011A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14921"
},
{
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.9,
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/18370/"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/16202"
},
{
"trust": 2.5,
"url": "http://www.eeye.com/html/research/advisories/ad20060111d.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/913449"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0402.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0401.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22338"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015466"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18370"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/333"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421561/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24060"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111a.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2006/jan/1015466.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-011a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/629845"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/921193"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/115729"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/150753"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0128"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24060"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421561/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/8394\u203b8395\u203b8392\u203b8393"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "/archive/1/421566"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/913449\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/629845\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=302810\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/115729\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime704.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/921193\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/150753\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=303101\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14921"
},
{
"db": "BID",
"id": "16864"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43060"
},
{
"db": "PACKETSTORM",
"id": "43057"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
},
{
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14921"
},
{
"db": "BID",
"id": "16864"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43060"
},
{
"db": "PACKETSTORM",
"id": "43057"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
},
{
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-14921"
},
{
"date": "2006-01-10T00:00:00",
"db": "BID",
"id": "16864"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2006-01-15T15:35:32",
"db": "PACKETSTORM",
"id": "43060"
},
{
"date": "2006-01-15T15:29:29",
"db": "PACKETSTORM",
"id": "43057"
},
{
"date": "2006-01-15T15:39:24",
"db": "PACKETSTORM",
"id": "43062"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-862"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-14921"
},
{
"date": "2008-05-01T18:56:00",
"db": "BID",
"id": "16864"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2006-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-862"
},
{
"date": "2018-10-19T15:38:55.903000",
"db": "NVD",
"id": "CVE-2005-3713"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle corrupt media files",
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-862"
}
],
"trust": 0.6
}
}
VAR-200512-0294
Vulnerability from variot - Updated: 2024-07-23 22:24Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple's QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TGA image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-04
Apple QuickTime Player Improper Memory Access Vulnerability
Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info
Description : Fortinet Security Research Team (FSRT) has discovered a Improper Memory Access Vulnerability in the Apple QuickTime Player.
Impact : Execute arbitrary code
Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update.
Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update.
Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability.
Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.
I. Description
Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "BID",
"id": "16872"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
},
{
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dejun Meng",
"sources": [
{
"db": "PACKETSTORM",
"id": "43080"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
}
],
"trust": 0.7
},
"cve": "CVE-2005-3707",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14915",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-3707",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#921193",
"trust": 0.8,
"value": "43.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#629845",
"trust": 0.8,
"value": "18.23"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#115729",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#150753",
"trust": 0.8,
"value": "32.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#913449",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-710",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14915",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14915"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
},
{
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. \nThis issue presents itself when the application processes a specially crafted TGA image file. \nA successful attack can result in a remote compromise. \nVersions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-04\n\nApple QuickTime Player Improper Memory Access Vulnerability\n\nAdvisory Date : January 12, 2006\nReported Date : November 28, 2005\nVendor : Apple computers\nAffected Products : Apple QuickTime Player v7.0.3\nSeverity : High\nReference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\n http://docs.info.apple.com/article.html?artnum=303101\n http://www.securityfocus.com/bid/16202/info\n\nDescription : Fortinet Security Research Team (FSRT) has\ndiscovered a Improper Memory Access Vulnerability in the Apple QuickTime\nPlayer. \n\nImpact : Execute arbitrary code\n\nSolution : Apple Computers has released a security update for\nthis vulnerability, which is available for downloading from Apples\u0027s web\nsite under security update. \n\nFortinet Protection: Fortinet is protecting network from this\nvulnerability with latest IPS update. \n\nAcknowledgment : Dejun Meng of Fortinet Security Research team found\nthis vulnerability. \n\nDisclaimer : Although Fortinet has attempted to provide accurate\ninformation in these materials, Fortinet assumes no legal responsibility\nfor the accuracy or completeness of the information. Please note that\nFortinet\u0027s product information does not constitute or contain any\nguarantee, warranty or legally binding representation, unless expressly\nidentified as such in a duly signed writing. \n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n \n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n Original release date: January 11, 2006\n Last revised: January 11, 2006\n Source: US-CERT\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n * Microsoft Windows XP\n * Microsoft Windows 2000\n\n\nOverview\n\n Apple has released QuickTime 7.0.4 to correct multiple\n vulnerabilities. The impacts of these vulnerabilities include\n execution of arbitrary code and denial of service. \n\n\nI. Description\n\n Apple QuickTime 7.0.4 resolves a number of image and media file\n handling vulnerabilities. \n (CAN-2005-3713)\n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. Potential\n consequences include remote execution of arbitrary code or commands\n and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n * US-CERT Vulnerability Note VU#629845 -\n \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n * US-CERT Vulnerability Note VU#921193 -\n \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n * US-CERT Vulnerability Note VU#115729 -\n \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n * US-CERT Vulnerability Note VU#150753 -\n \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n * US-CERT Vulnerability Note VU#913449 -\n \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n * CVE-2005-2340 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n * CVE-2005-4092 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n * CVE-2005-3707 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n * CVE-2005-3710 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n * CVE-2005-3713 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n * Security Content for QuickTime 7.0.4 -\n \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n * QuickTime 7.0.4 -\n \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n * About the Mac OS X 10.4.4 Update (Delta) -\n \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3707"
},
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "BID",
"id": "16872"
},
{
"db": "VULHUB",
"id": "VHN-14915"
},
{
"db": "PACKETSTORM",
"id": "43080"
},
{
"db": "PACKETSTORM",
"id": "43062"
}
],
"trust": 5.76
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "18370",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#115729",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2005-3707",
"trust": 3.0
},
{
"db": "BID",
"id": "16202",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA06-011A",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#921193",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#629845",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#150753",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#913449",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015464",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0128",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22336",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "22337",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1015466",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA06-011A",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8393\u203b8395\u203b8392\u203b8394",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8395",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8392",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8394",
"trust": 0.6
},
{
"db": "XF",
"id": "24056",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060112 FORTINET SECURITY ADVISORY: \"APPLE QUICKTIME PLAYER IMPROPER MEMORY ACCESS VULNERABILITY\"",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-01-10",
"trust": 0.6
},
{
"db": "BID",
"id": "16872",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "43080",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-14915",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43062",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14915"
},
{
"db": "BID",
"id": "16872"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43080"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
},
{
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"id": "VAR-200512-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14915"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:24:53.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download the Standalone QuickTime Player",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/standalone.html"
},
{
"title": "TA23845",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta23845?viewlocale=ja_jp"
},
{
"title": "TA06-011A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/18370/"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/16202"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/115729"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22336"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015464"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18370"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111a.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111d.html"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2006/jan/1015466.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-011a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/629845"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/921193"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/150753"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/913449"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0128"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24056"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/8393\u203b8395\u203b8392\u203b8394"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/16202/info"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/913449\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/629845\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=302810\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/115729\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime704.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/921193\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/150753\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=303101\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14915"
},
{
"db": "BID",
"id": "16872"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43080"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
},
{
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14915"
},
{
"db": "BID",
"id": "16872"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43080"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
},
{
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-14915"
},
{
"date": "2006-01-10T00:00:00",
"db": "BID",
"id": "16872"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2006-01-15T16:45:18",
"db": "PACKETSTORM",
"id": "43080"
},
{
"date": "2006-01-15T15:39:24",
"db": "PACKETSTORM",
"id": "43062"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-710"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-14915"
},
{
"date": "2008-05-01T21:36:00",
"db": "BID",
"id": "16872"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2006-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-710"
},
{
"date": "2017-07-11T01:33:17.330000",
"db": "NVD",
"id": "CVE-2005-3707"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "43080"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle corrupt media files",
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-710"
}
],
"trust": 0.6
}
}
VAR-200512-0297
Vulnerability from variot - Updated: 2024-07-23 22:24Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TIFF file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03
Apple QuickTime Player ImageWidth Denial of Service Vulnerability
Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : Medium Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info
Description : Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. This is due to application failure to sanitize the parameter ImageWidth value while parsing TIFF image files.
Impact : Denial of Service
Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update.
Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update.
Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.
I. Description
Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0297",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "BID",
"id": "16867"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
},
{
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dejun Meng vulnmonitor@fortinet.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
}
],
"trust": 0.6
},
"cve": "CVE-2005-3710",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14918",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-3710",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#921193",
"trust": 0.8,
"value": "43.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#629845",
"trust": 0.8,
"value": "18.23"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#115729",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#150753",
"trust": 0.8,
"value": "32.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#913449",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-926",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14918",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14918"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
},
{
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. \nThis issue presents itself when the application processes a specially crafted TIFF file. \nA successful attack can result in a remote compromise. \nVersions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03\n\nApple QuickTime Player ImageWidth Denial of Service Vulnerability\n\nAdvisory Date : January 12, 2006\nReported Date : November 28, 2005\nVendor : Apple computers\nAffected Products : Apple QuickTime Player v7.0.3\nSeverity : Medium\nReference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\n http://docs.info.apple.com/article.html?artnum=303101\n http://www.securityfocus.com/bid/16202/info\n\nDescription : Fortinet Security Research Team (FSRT) has\ndiscovered a Denial of Service Vulnerability in the Apple QuickTime\nPlayer. This is due to application failure to\nsanitize the parameter ImageWidth value while parsing TIFF image files. \n\nImpact : Denial of Service\n\nSolution : Apple Computers has released a security update for\nthis vulnerability, which is available for downloading from Apples\u0027s web\nsite under security update. \n\nFortinet Protection: Fortinet is protecting network from this\nvulnerability with latest IPS update. \n\nAcknowledgment : Dejun Meng of Fortinet Security Research team found\nthis vulnerability. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n \n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n Original release date: January 11, 2006\n Last revised: January 11, 2006\n Source: US-CERT\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n * Microsoft Windows XP\n * Microsoft Windows 2000\n\n\nOverview\n\n Apple has released QuickTime 7.0.4 to correct multiple\n vulnerabilities. The impacts of these vulnerabilities include\n execution of arbitrary code and denial of service. \n\n\nI. Description\n\n Apple QuickTime 7.0.4 resolves a number of image and media file\n handling vulnerabilities. \n (CAN-2005-3713)\n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. Potential\n consequences include remote execution of arbitrary code or commands\n and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n * US-CERT Vulnerability Note VU#629845 -\n \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n * US-CERT Vulnerability Note VU#921193 -\n \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n * US-CERT Vulnerability Note VU#115729 -\n \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n * US-CERT Vulnerability Note VU#150753 -\n \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n * US-CERT Vulnerability Note VU#913449 -\n \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n * CVE-2005-2340 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n * CVE-2005-4092 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n * CVE-2005-3707 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n * CVE-2005-3710 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n * CVE-2005-3713 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n * Security Content for QuickTime 7.0.4 -\n \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n * QuickTime 7.0.4 -\n \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n * About the Mac OS X 10.4.4 Update (Delta) -\n \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3710"
},
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "BID",
"id": "16867"
},
{
"db": "VULHUB",
"id": "VHN-14918"
},
{
"db": "PACKETSTORM",
"id": "43079"
},
{
"db": "PACKETSTORM",
"id": "43062"
}
],
"trust": 5.76
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "18370",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#150753",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2005-3710",
"trust": 3.0
},
{
"db": "BID",
"id": "16202",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA06-011A",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "22337",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#921193",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#629845",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#115729",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#913449",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0128",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015465",
"trust": 1.7
},
{
"db": "SREASON",
"id": "347",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015466",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-926",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA06-011A",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8392",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8392\u203b8395\u203b8394\u203b8393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8395",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8393",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "8394",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-01-10",
"trust": 0.6
},
{
"db": "XF",
"id": "24059",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060112 FORTINET ADVISORY - APPLE QUICKTIME PLAYER IMAGEWIDTH DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060112 FORTINET ADVISORY - APPLE QUICKTIME PLAYER IMAGEWIDTH DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "16867",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "43079",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-14918",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43062",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14918"
},
{
"db": "BID",
"id": "16867"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43079"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
},
{
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"id": "VAR-200512-0297",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14918"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:24:53.525000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download the Standalone QuickTime Player",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/standalone.html"
},
{
"title": "TA23845",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta23845?viewlocale=ja_jp"
},
{
"title": "TA06-011A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14918"
},
{
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/18370/"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/16202"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/150753"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22337"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015465"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18370"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/347"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421797/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24059"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111a.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111d.html"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2006/jan/1015466.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-011a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/629845"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/921193"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/115729"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/913449"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0128"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24059"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421797/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/8392\u203b8395\u203b8394\u203b8393"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/16202/info"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/913449\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/629845\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=302810\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/115729\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime704.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/921193\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/150753\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=303101\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14918"
},
{
"db": "BID",
"id": "16867"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43079"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
},
{
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-14918"
},
{
"db": "BID",
"id": "16867"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43079"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
},
{
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2005-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-14918"
},
{
"date": "2006-01-10T00:00:00",
"db": "BID",
"id": "16867"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2006-01-15T16:42:59",
"db": "PACKETSTORM",
"id": "43079"
},
{
"date": "2006-01-15T15:39:24",
"db": "PACKETSTORM",
"id": "43062"
},
{
"date": "2005-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-926"
},
{
"date": "2005-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-14918"
},
{
"date": "2008-05-01T21:16:00",
"db": "BID",
"id": "16867"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2006-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-926"
},
{
"date": "2018-10-19T15:38:54.153000",
"db": "NVD",
"id": "CVE-2005-3710"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "43079"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle corrupt media files",
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-926"
}
],
"trust": 0.6
}
}
VAR-200512-0611
Vulnerability from variot - Updated: 2024-07-23 22:24Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software. This issue may be triggered when the application processes a malformed movie (.MOV) file. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user. This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts.
This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
Technical Details: Technical Description: The code in QuickTime.qts responsible for the size of the Sample Description Table entries from the 'stsd' atom in a QuickTime-format movie on the heap. According to developer.apple.com, the format of the Sample Description Atom is as follows:
Field Description
Size 32-bit int Data Format 4 char code Reserved 6 bytes that must be 0 Data Reference Index 16-bit int Hint Track Version 16-bit unsigned int Last compatible hint track version 16-bit unsigned int Max Packet Size 32-bit int Additional Data Table Variable
By setting the size of the Sample Description Table to a size of 00 15 - 00 D0 will cause a heap-based overflow. By supplying the "Last compatible hint track version" field with the value of 00 05 - 00 09, an insufficiently-sized heap block will be allocated, resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function and the attacker can control memory with data taken from the filename of the .MOV file. This vulnerability can be successfully exploited via an embedded media player in an HTML page, email, or HTML link.
References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html
Protection: Retina Network Security Scanner has been updated to identify this vulnerability.
Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-4092.
Credit: Discovery: Karl Lynn
Greetings: 0x41414141
Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.
Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.
I. (CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.4"
},
{
"model": "quicktime alternative",
"scope": "eq",
"trust": 0.3,
"vendor": "free codecs com",
"version": "1.67"
},
{
"model": "esignal",
"scope": "ne",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "BID",
"id": "16202"
},
{
"db": "BID",
"id": "15732"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-165"
},
{
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karl Lynn0x41414141Tom Ferris tommy@security-protocols.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-165"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-15300",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-4092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#921193",
"trust": 0.8,
"value": "43.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#629845",
"trust": 0.8,
"value": "18.23"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#115729",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#150753",
"trust": 0.8,
"value": "32.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#913449",
"trust": 0.8,
"value": "3.85"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-165",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-15300",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-15300"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-165"
},
{
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime\u0027s handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. \nThese issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. \nSuccessful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software. \nThis issue may be triggered when the application processes a malformed movie (.MOV) file. \nSuccessful exploitation will result in execution of arbitrary code in the context of the currently logged in user. \nThis issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts. \n\nThis specific flaw exists within the QuickTime.qts file which many\napplications access QuickTime\u0027s functionality through. By specially\ncrafting atoms within a movie file, a direct heap overwrite is\ntriggered, and reliable code execution is then possible. \n\nTechnical Details:\nTechnical Description:\nThe code in QuickTime.qts responsible for the size of the Sample\nDescription Table entries from the \u0027stsd\u0027 atom in a QuickTime-format\nmovie on the heap. According to developer.apple.com, the format of the\nSample Description Atom is as follows:\n\nField\t \t Description\n----------------------------------------------------------------\nSize\t\t\t\t\t32-bit int\nData Format\t\t\t\t4 char code\nReserved\t\t\t\t6 bytes that must be 0\nData Reference Index \t\t16-bit int\nHint Track Version \t\t16-bit unsigned int\nLast compatible hint track version \t16-bit unsigned int\nMax Packet Size\t\t\t\t32-bit int\nAdditional Data Table\t\t\tVariable\n\nBy setting the size of the Sample Description Table to a size of 00 15 -\n00 D0 will cause a heap-based overflow. By supplying the \"Last\ncompatible hint track version\" field with the value of 00 05 - 00 09, an\ninsufficiently-sized heap block will be allocated, resulting in a\nclassic complete heap memory overwrite\nduring the RtlAllocateHeap() function and the attacker can control\nmemory with data taken from the filename of the .MOV file. This\nvulnerability can be successfully exploited via an embedded media player\nin an HTML page, email, or HTML link. \n\nReferences\nQuickTime: QuickTime File Format\nhttp://developer.apple.com/documentation/QuickTime/QTFF/index.html\n\nProtection:\nRetina Network Security Scanner has been updated to identify this\nvulnerability. \n\nVendor Status:\nApple has released a patch for this vulnerability. The patch is\navailable via the Updates section of the affected applications. \nThis vulnerability has been assigned the CVE identifier CVE-2005-4092. \n\nCredit:\nDiscovery: Karl Lynn\n\nGreetings:\n0x41414141\n\nCopyright (c) 1998-2006 eEye Digital Security\nPermission is hereby granted for the redistribution of this alert\nelectronically. It is not to be edited in any way without express\nconsent of eEye. If you wish to reprint the whole or any part of this\nalert in any other medium excluding electronic medium, please email\nalert@eEye.com for permission. \n\nDisclaimer\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare no warranties, implied or express, with regard to this information. \nIn no event shall the author be liable for any direct or indirect\ndamages whatsoever arising out of or in connection with the use or\nspread of this information. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n \n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n Original release date: January 11, 2006\n Last revised: January 11, 2006\n Source: US-CERT\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n * Microsoft Windows XP\n * Microsoft Windows 2000\n\n\nOverview\n\n Apple has released QuickTime 7.0.4 to correct multiple\n vulnerabilities. The impacts of these vulnerabilities include\n execution of arbitrary code and denial of service. \n\n\nI. \n (CAN-2005-3713)\n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. \n\n\nIII. Solution\n\nUpgrade\n\n Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n * US-CERT Vulnerability Note VU#629845 -\n \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n * US-CERT Vulnerability Note VU#921193 -\n \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n * US-CERT Vulnerability Note VU#115729 -\n \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n * US-CERT Vulnerability Note VU#150753 -\n \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n * US-CERT Vulnerability Note VU#913449 -\n \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n * CVE-2005-2340 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n * CVE-2005-4092 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n * CVE-2005-3707 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n * CVE-2005-3710 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n * CVE-2005-3713 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n * Security Content for QuickTime 7.0.4 -\n \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n * QuickTime 7.0.4 -\n \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n * About the Mac OS X 10.4.4 Update (Delta) -\n \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4092"
},
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "BID",
"id": "16202"
},
{
"db": "BID",
"id": "15732"
},
{
"db": "VULHUB",
"id": "VHN-15300"
},
{
"db": "PACKETSTORM",
"id": "43058"
},
{
"db": "PACKETSTORM",
"id": "43059"
},
{
"db": "PACKETSTORM",
"id": "43062"
}
],
"trust": 6.12
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-15300",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15300"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "18370",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#921193",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2005-4092",
"trust": 3.1
},
{
"db": "USCERT",
"id": "TA06-011A",
"trust": 2.6
},
{
"db": "BID",
"id": "15732",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#629845",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#115729",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#150753",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#913449",
"trust": 1.7
},
{
"db": "SREASON",
"id": "334",
"trust": 1.7
},
{
"db": "SREASON",
"id": "336",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "18149",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015397",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015396",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1015356",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0128",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2005-3012",
"trust": 1.7
},
{
"db": "BID",
"id": "16202",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "22337",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1015466",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-165",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA06-011A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060111 [EEYEB-20051117B] APPLE ITUNES (QUICKTIME.QTS) HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060111 [EEYEB-20051117A] APPLE QUICKTIME STSD ATOM HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-01-10",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "43059",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "43058",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "43062",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-15300",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-15300"
},
{
"db": "BID",
"id": "16202"
},
{
"db": "BID",
"id": "15732"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43058"
},
{
"db": "PACKETSTORM",
"id": "43059"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-165"
},
{
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"id": "VAR-200512-0611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-15300"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:24:53.455000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download the Standalone QuickTime Player",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/standalone.html"
},
{
"title": "TA23845",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta23845?viewlocale=ja_jp"
},
{
"title": "TA06-011A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15300"
},
{
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.9,
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/18370/"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/921193"
},
{
"trust": 2.0,
"url": "http://security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"trust": 1.9,
"url": "http://www.security-protocols.com/modules.php?name=news\u0026file=article\u0026sid=3109"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15732"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html"
},
{
"trust": 1.7,
"url": "http://www.eeye.com/html/research/upcoming/20051117a.html"
},
{
"trust": 1.7,
"url": "http://www.eeye.com/html/research/upcoming/20051117b.html"
},
{
"trust": 1.7,
"url": "http://www.security-protocols.com/advisory/sp-x21-advisory.txt"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015356"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015396"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1015397"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18149"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18370"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/334"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/336"
},
{
"trust": 1.6,
"url": "http://www.security-protocols.com/modules.php?name=news\u0026file=article\u0026sid=3133"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421635/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/421569/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2005/3012"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111a.html"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/16202"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337"
},
{
"trust": 0.8,
"url": "http://www.eeye.com/html/research/advisories/ad20060111d.html"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2006/jan/1015466.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-011a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/629845"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/115729"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/150753"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/913449"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421635/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421569/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0128"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2005/3012"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "/archive/1/421561"
},
{
"trust": 0.3,
"url": "/archive/1/421566"
},
{
"trust": 0.3,
"url": "/archive/1/421831"
},
{
"trust": 0.3,
"url": "/archive/1/421799"
},
{
"trust": 0.3,
"url": "http://www.free-codecs.com/download/quicktime_alternative.htm"
},
{
"trust": 0.3,
"url": "/archive/1/421635"
},
{
"trust": 0.3,
"url": "/archive/1/421569"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092"
},
{
"trust": 0.2,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://www.security-protocols.com/modules.php?name=news\u0026amp;file=article\u0026amp;sid=3109"
},
{
"trust": 0.1,
"url": "http://www.security-protocols.com/modules.php?name=news\u0026amp;file=article\u0026amp;sid=3133"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/913449\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/629845\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=302810\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/115729\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime704.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/921193\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/150753\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=303101\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-15300"
},
{
"db": "BID",
"id": "16202"
},
{
"db": "BID",
"id": "15732"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43058"
},
{
"db": "PACKETSTORM",
"id": "43059"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-165"
},
{
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#921193"
},
{
"db": "CERT/CC",
"id": "VU#629845"
},
{
"db": "CERT/CC",
"id": "VU#115729"
},
{
"db": "CERT/CC",
"id": "VU#150753"
},
{
"db": "CERT/CC",
"id": "VU#913449"
},
{
"db": "VULHUB",
"id": "VHN-15300"
},
{
"db": "BID",
"id": "16202"
},
{
"db": "BID",
"id": "15732"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"db": "PACKETSTORM",
"id": "43058"
},
{
"db": "PACKETSTORM",
"id": "43059"
},
{
"db": "PACKETSTORM",
"id": "43062"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-165"
},
{
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2005-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-15300"
},
{
"date": "2006-01-10T00:00:00",
"db": "BID",
"id": "16202"
},
{
"date": "2005-12-02T00:00:00",
"db": "BID",
"id": "15732"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2006-01-15T15:32:06",
"db": "PACKETSTORM",
"id": "43058"
},
{
"date": "2006-01-15T15:33:12",
"db": "PACKETSTORM",
"id": "43059"
},
{
"date": "2006-01-15T15:39:24",
"db": "PACKETSTORM",
"id": "43062"
},
{
"date": "2005-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-165"
},
{
"date": "2005-12-08T11:03:00",
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-12T00:00:00",
"db": "CERT/CC",
"id": "VU#921193"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#629845"
},
{
"date": "2006-01-11T00:00:00",
"db": "CERT/CC",
"id": "VU#115729"
},
{
"date": "2006-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#150753"
},
{
"date": "2006-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#913449"
},
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-15300"
},
{
"date": "2008-05-01T18:56:00",
"db": "BID",
"id": "16202"
},
{
"date": "2006-01-11T18:56:00",
"db": "BID",
"id": "15732"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000858"
},
{
"date": "2012-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-165"
},
{
"date": "2018-10-19T15:40:05.643000",
"db": "NVD",
"id": "CVE-2005-4092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "43058"
},
{
"db": "PACKETSTORM",
"id": "43059"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-165"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle corrupt media files",
"sources": [
{
"db": "CERT/CC",
"id": "VU#921193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "16202"
},
{
"db": "BID",
"id": "15732"
}
],
"trust": 0.6
}
}
VAR-200609-0314
Vulnerability from variot - Updated: 2024-07-23 22:19Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.
The risk rating for these issues is medium.
- Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below
- Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.
- Resolution
Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at: http://docs.info.apple.com/article.html?artnum=304357
- Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert Labs.
- Legal Notice
Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs .
I. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes.
II. For further information, please see the Vulnerability Notes.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.3.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document. Please send email to cert@cert.org with "TA06-256A Feedback VU#540348" in the subject.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
September 13, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO 8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s FzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa m19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE pZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG R59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg== =nQVd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-08
http://security.gentoo.org/
Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Win32 binary codecs provide support for video and audio playback.
Workaround
There is no known workaround at this time.
Resolution
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
},
{
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com Ruben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4388",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-4388",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4388",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-184",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20496",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20496"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
},
{
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4384\n\nOn heap overflow vulnerability is present in QuickTime FLC format\nsupport. \n\nCVE-2006-4385\n\nOne buffer overflow vulnerability is present in QuickTime SGI format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4388\n\nOne buffer overflow vulnerability is present in QuickTime FlashPix (FPX)\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows. \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \n\n_________________________________________________\n\n\n*\tLegal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries. All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. \n\n\nI. Since QuickTime configures most web browsers to\n handle QuickTime media files, an attacker could exploit these\n vulnerabilities using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes. \n\n\nII. For further information, please see\n the Vulnerability Notes. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.3. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading\n a user to access a specially crafted file with a web\n browser. Disabling QuickTime in your web browser will defend\n against this attack vector. For more information, refer to the\n Securing Your Web Browser document. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-256A Feedback VU#540348\" in the\n subject. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n \n\n Revision History\n\n September 13, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO\n8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s\nFzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa\nm19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE\npZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG\nR59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg==\n=nQVd\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Win32 binary codecs: Multiple vulnerabilities\n Date: March 04, 2008\n Bugs: #150288\n ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n [ 1 ] CVE-2006-4382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n [ 2 ] CVE-2006-4384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n [ 3 ] CVE-2006-4385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n [ 4 ] CVE-2006-4386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n [ 5 ] CVE-2006-4388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n [ 6 ] CVE-2006-4389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n [ 7 ] CVE-2007-4674\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n [ 8 ] CVE-2007-6166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4388"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20496"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2006-4388",
"trust": 3.0
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29182",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1554",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28770",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001146",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-184",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
"trust": 0.6
},
{
"db": "XF",
"id": "28935",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200803-08",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-20496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64267",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20496"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
},
{
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"id": "VAR-200609-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20496"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:19:17.031000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2006-09-12",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001146"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 2.4,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 2.4,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28770"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29182"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1554"
},
{
"trust": 1.1,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4388"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28935"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304357\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime713.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_713\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20496"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
},
{
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20496"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
},
{
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20496"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"date": "2006-09-14T07:22:52",
"db": "PACKETSTORM",
"id": "50015"
},
{
"date": "2006-09-14T07:23:59",
"db": "PACKETSTORM",
"id": "50016"
},
{
"date": "2008-03-04T22:49:07",
"db": "PACKETSTORM",
"id": "64267"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-184"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20496"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001146"
},
{
"date": "2013-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-184"
},
{
"date": "2018-10-17T21:36:54.430000",
"db": "NVD",
"id": "CVE-2006-4388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle SGI images",
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-184"
}
],
"trust": 0.6
}
}
VAR-200609-0311
Vulnerability from variot - Updated: 2024-07-23 22:12Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. Apple QuickTime fails to properly handle SGI images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime FLIC File Heap Overflow Vulnerability
iDefense Security Advisory 09.12.06 http://www.idefense.com/intelligence/vulnerabilities/ Sep 12, 2006
I. BACKGROUND
Quicktime is Apple's media player product used to render video and other media. For more information visit http://www.apple.com/quicktime/
II.
A FLIC file is an animation file consisting of a number of frames, each of which is made up of an image and may contain other information such as a palette or a label.
The vulnerability specifically exists in the handling of the COLOR_64 chunk in FLIC format files. QuickTime does not validate that the data size allocated to store the palette is large enough, allowing a malformed file to cause controllable heap corruption.
III. In order to exploit this vulnerability, attackers must social engineer victims into visiting a website under their control.
The QuickTime plugin can be forced to load in Firefox and Internet Explorer. Furthermore, testing shows that either browser can be used as an attack vector. It is also possible to open this type of file directly from within QuickTime or from a playlist that QuickTime has opened.
The data being used to overwrite the heap is in the form 0x00XXYYZZ, where XX, YY and ZZ are controllable. This limits the range of values that can be overwritten, but does not prevent it.
IV. DETECTION
iDefense Labs confirmed that version 7.1 of the QuickTime player is vulnerable. It is suspected that all previous versions are also affected.
V. WORKAROUND
iDefense is currently unaware of any effective workarounds for this vulnerability.
VI. VENDOR RESPONSE
" QuickTime 7.1.3 may be obtained from the Software Update pane in System Preferences, or from the Download tab in the QuickTime site http://www.apple.com/quicktime/
For Mac OS X v10.3.9 or later The download file is named: "QuickTimeInstallerX.dmg" Its SHA-1 digest is: 55cfeb0d92d8e0a0694267df58d2b53526d24d3d
QuickTime 7.1.3 for Windows 2000/XP The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 047a9f2d88c8a865b4ad5f24c9904b8727ba71e7
QuickTime 7.1.3 with iTunes for Windows 2000/XP The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 5cdc86b2edb1411b9a022f05b1bfbe858fbcf901
Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 "
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2006-4384 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
08/16/2006 Initial vendor notification 08/16/2006 Initial vendor response 09/12/2006 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Rub\xe9n Santamarta of reversemode.com.
Get paid for vulnerability research http://www.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.iDefense.com/
X. LEGAL NOTICES
Copyright \xa9 2006 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@iDefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.
The risk rating for these issues is medium.
- Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below
- Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.
- Resolution
Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at: http://docs.info.apple.com/article.html?artnum=304357
- Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert Labs. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs .
I. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.3.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. For more information, refer to the Securing Your Web Browser document. Please send email to cert@cert.org with "TA06-256A Feedback VU#540348" in the subject.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
September 13, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO 8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s FzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa m19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE pZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG R59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg== =nQVd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-08
http://security.gentoo.org/
Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Win32 binary codecs provide support for video and audio playback.
Workaround
There is no known workaround at this time.
Resolution
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.8,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
},
{
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com Ruben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-4384",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20492",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4384",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#489836",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20492",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20492"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
},
{
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. Apple QuickTime fails to properly handle SGI images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime FLIC File Heap Overflow Vulnerability\n\niDefense Security Advisory 09.12.06\nhttp://www.idefense.com/intelligence/vulnerabilities/\nSep 12, 2006\n\nI. BACKGROUND\n\nQuicktime is Apple\u0027s media player product used to render video and other\nmedia. For more information visit http://www.apple.com/quicktime/\n\nII. \n\nA FLIC file is an animation file consisting of a number of frames, each\nof which is made up of an image and may contain other information such\nas a palette or a label. \n\nThe vulnerability specifically exists in the handling of the COLOR_64\nchunk in FLIC format files. QuickTime does not validate that the data\nsize allocated to store the palette is large enough, allowing a\nmalformed file to cause controllable heap corruption. \n\nIII. In order to exploit this\nvulnerability, attackers must social engineer victims into visiting a\nwebsite under their control. \n\nThe QuickTime plugin can be forced to load in Firefox and Internet\nExplorer. Furthermore, testing shows that either browser can be used as\nan attack vector. It is also possible to open this type of file directly\nfrom within QuickTime or from a playlist that QuickTime has opened. \n\nThe data being used to overwrite the heap is in the form 0x00XXYYZZ,\nwhere XX, YY and ZZ are controllable. This limits the range of values\nthat can be overwritten, but does not prevent it. \n\nIV. DETECTION\n\niDefense Labs confirmed that version 7.1 of the QuickTime player is\nvulnerable. It is suspected that all previous versions are also\naffected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any effective workarounds for this\nvulnerability. \n\nVI. VENDOR RESPONSE\n\n\"\nQuickTime 7.1.3 may be obtained from the Software Update pane in\nSystem Preferences, or from the Download tab in the QuickTime site\nhttp://www.apple.com/quicktime/\n\nFor Mac OS X v10.3.9 or later\nThe download file is named: \"QuickTimeInstallerX.dmg\"\nIts SHA-1 digest is: 55cfeb0d92d8e0a0694267df58d2b53526d24d3d\n\nQuickTime 7.1.3 for Windows 2000/XP\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: 047a9f2d88c8a865b4ad5f24c9904b8727ba71e7\n\nQuickTime 7.1.3 with iTunes for Windows 2000/XP\nThe download file is named: \"iTunesSetup.exe\"\nIts SHA-1 digest is: 5cdc86b2edb1411b9a022f05b1bfbe858fbcf901\n\nInformation will also be posted to the Apple Product Security\nweb site: http://docs.info.apple.com/article.html?artnum=61798\n\"\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2006-4384 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n08/16/2006 Initial vendor notification\n08/16/2006 Initial vendor response\n09/12/2006 Coordinated public disclosure\n\nIX. CREDIT\n\nThis vulnerability was reported to iDefense by Rub\\xe9n Santamarta of\nreversemode.com. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.iDefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2006 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@iDefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4385\n\nOne buffer overflow vulnerability is present in QuickTime SGI format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows. \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries. All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. \n\n\nI. Since QuickTime configures most web browsers to\n handle QuickTime media files, an attacker could exploit these\n vulnerabilities using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.3. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading\n a user to access a specially crafted file with a web\n browser. For more information, refer to the\n Securing Your Web Browser document. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-256A Feedback VU#540348\" in the\n subject. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n \n\n Revision History\n\n September 13, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO\n8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s\nFzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa\nm19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE\npZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG\nR59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg==\n=nQVd\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Win32 binary codecs: Multiple vulnerabilities\n Date: March 04, 2008\n Bugs: #150288\n ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n [ 1 ] CVE-2006-4382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n [ 2 ] CVE-2006-4384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n [ 3 ] CVE-2006-4385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n [ 4 ] CVE-2006-4386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n [ 5 ] CVE-2006-4388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n [ 6 ] CVE-2006-4389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n [ 7 ] CVE-2007-4674\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n [ 8 ] CVE-2007-6166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4384"
},
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20492"
},
{
"db": "PACKETSTORM",
"id": "49972"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
}
],
"trust": 6.66
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-20492",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20492"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 5.7
},
{
"db": "CERT/CC",
"id": "VU#489836",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-4384",
"trust": 3.1
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "28771",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29182",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1554",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001145",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-173",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060915 [REVERSEMODE ADVISORY] APPLE QUICKTIME FLIC FILE HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "XF",
"id": "28930",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20060912 APPLE QUICKTIME FLIC FILE HEAP OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200803-08",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49972",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "28521",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-82082",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-20492",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64267",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20492"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"db": "PACKETSTORM",
"id": "49972"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
},
{
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"id": "VAR-200609-0311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20492"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:12:46.615000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2006-09-12",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001145"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 4.0,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 3.2,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 3.2,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 3.2,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/489836"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=413"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28771"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29182"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1554"
},
{
"trust": 1.6,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=25"
},
{
"trust": 1.6,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=24"
},
{
"trust": 1.1,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/446134/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28930"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4384"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28930"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/446134/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.4,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
},
{
"trust": 0.1,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026amp;itemid=2\u0026amp;func=fileinfo\u0026amp;id=24"
},
{
"trust": 0.1,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026amp;itemid=2\u0026amp;func=fileinfo\u0026amp;id=25"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304357\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime713.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_713\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20492"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"db": "PACKETSTORM",
"id": "49972"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
},
{
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20492"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"db": "PACKETSTORM",
"id": "49972"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
},
{
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-14T00:00:00",
"db": "CERT/CC",
"id": "VU#489836"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20492"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"date": "2006-09-13T09:34:05",
"db": "PACKETSTORM",
"id": "49972"
},
{
"date": "2006-09-14T07:22:52",
"db": "PACKETSTORM",
"id": "50015"
},
{
"date": "2006-09-14T07:23:59",
"db": "PACKETSTORM",
"id": "50016"
},
{
"date": "2008-03-04T22:49:07",
"db": "PACKETSTORM",
"id": "64267"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-173"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-14T00:00:00",
"db": "CERT/CC",
"id": "VU#489836"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20492"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001145"
},
{
"date": "2013-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-173"
},
{
"date": "2018-10-17T21:36:50.867000",
"db": "NVD",
"id": "CVE-2006-4384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "49972"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle FLC movies",
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-173"
}
],
"trust": 0.6
}
}
VAR-200703-0010
Vulnerability from variot - Updated: 2024-07-23 22:10Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0712). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-065A
Apple Releases Security Updates for QuickTime
Original release date: March 06, 2007 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes Database.
II. For further information, please see the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.
On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>
* About the security content of the QuickTime 7.1.5 Update -
<http://docs.info.apple.com/article.html?artnum=305149>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.1.5 for Windows -
<http://www.apple.com/support/downloads/quicktime715forwindows.html>
* Apple QuickTime 7.1.5 for Mac -
<http://www.apple.com/support/downloads/quicktime715formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-065A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 06, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24359
VERIFY ADVISORY: http://secunia.com/advisories/24359/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the handling of UDTA atoms in movie files.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
SOLUTION: Update to version 7.1.5.
Mac OS X: http://www.apple.com/quicktime/download/mac.html
Windows: http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149
Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
},
{
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:mac:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0712",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-24074",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0712",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-172",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-24074",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24074"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
},
{
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. (CVE-2007-0712). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n Original release date: March 06, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n could exploit these vulnerabilities by convincing a user to access a\n specially crafted image or media file with a vulnerable version of\n QuickTime. Since QuickTime configures most web browsers to handle\n QuickTime media files, an attacker could exploit these vulnerabilities\n using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes\n Database. \n\n\nII. For further information, please see the Vulnerability Notes\n Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n available via Apple Update. \n\n On Microsoft Windows the QuickTime built-in auto-update mechanism may\n not detect this release. Instead, Windows users should check for\n updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading a\n user to access a specially crafted file with a web browser. Disabling\n QuickTime in your web browser will defend against this attack vector. \n For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.5 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n * About the security content of the QuickTime 7.1.5 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n * Apple QuickTime 7.1.5 for Windows -\n \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n * Apple QuickTime 7.1.5 for Mac -\n \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24359\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24359/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which\npotentially can be exploited by malicious people to compromise a\nuser\u0027s system. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n3) A boundary error in the handling of QuickTime movie files can be\nexploited to cause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n5) A boundary error in the handling of PICT files can be exploited to\ncause a heap-based buffer overflow. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0712"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "VULHUB",
"id": "VHN-24074"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
}
],
"trust": 7.92
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 9.0
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2007-0712",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33904",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "XF",
"id": "32814",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000192",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-172",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "XF",
"id": "32816",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24074",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54941",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54850",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24074"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
},
{
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"id": "VAR-200703-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24074"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:10:30.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000192"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24074"
},
{
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.2,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.5,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 2.7,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33904"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32816"
},
{
"trust": 0.9,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.9,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0712"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/32814"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0712"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/32816"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/win.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/mac.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24074"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
},
{
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24074"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
},
{
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24074"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"date": "2007-03-09T00:22:35",
"db": "PACKETSTORM",
"id": "54941"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54850"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-172"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-24074"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000192"
},
{
"date": "2009-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-172"
},
{
"date": "2018-10-30T16:25:17.370000",
"db": "NVD",
"id": "CVE-2007-0712"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-172"
}
],
"trust": 0.6
}
}
VAR-200703-0016
Vulnerability from variot - Updated: 2024-07-23 22:06Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0715). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-065A
Apple Releases Security Updates for QuickTime
Original release date: March 06, 2007 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes Database.
II. For further information, please see the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.
On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>
* About the security content of the QuickTime 7.1.5 Update -
<http://docs.info.apple.com/article.html?artnum=305149>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.1.5 for Windows -
<http://www.apple.com/support/downloads/quicktime715forwindows.html>
* Apple QuickTime 7.1.5 for Mac -
<http://www.apple.com/support/downloads/quicktime715formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-065A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 06, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24359
VERIFY ADVISORY: http://secunia.com/advisories/24359/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the handling of UDTA atoms in movie files.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
SOLUTION: Update to version 7.1.5.
Mac OS X: http://www.apple.com/quicktime/download/mac.html
Windows: http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149
Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0715",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0715",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-24077",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0715",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-183",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-24077",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. (CVE-2007-0715). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n Original release date: March 06, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n could exploit these vulnerabilities by convincing a user to access a\n specially crafted image or media file with a vulnerable version of\n QuickTime. Since QuickTime configures most web browsers to handle\n QuickTime media files, an attacker could exploit these vulnerabilities\n using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes\n Database. \n\n\nII. For further information, please see the Vulnerability Notes\n Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n available via Apple Update. \n\n On Microsoft Windows the QuickTime built-in auto-update mechanism may\n not detect this release. Instead, Windows users should check for\n updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading a\n user to access a specially crafted file with a web browser. Disabling\n QuickTime in your web browser will defend against this attack vector. \n For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.5 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n * About the security content of the QuickTime 7.1.5 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n * Apple QuickTime 7.1.5 for Windows -\n \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n * Apple QuickTime 7.1.5 for Mac -\n \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24359\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24359/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which\npotentially can be exploited by malicious people to compromise a\nuser\u0027s system. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n2) A boundary error in the handling of MIDI files can be exploited to\ncause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0715"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
}
],
"trust": 7.92
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 9.0
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2007-0715",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33901",
"trust": 1.7
},
{
"db": "XF",
"id": "32821",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24077",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54941",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54850",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"id": "VAR-200703-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24077"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:06:48.011000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.2,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.5,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 2.7,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33901"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32821"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32821"
},
{
"trust": 0.9,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.9,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0715"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0715"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/win.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/mac.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24077"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"date": "2007-03-09T00:22:35",
"db": "PACKETSTORM",
"id": "54941"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54850"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-24077"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"date": "2007-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"date": "2017-07-29T01:30:21.843000",
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
}
],
"trust": 0.6
}
}
VAR-200905-0043
Vulnerability from variot - Updated: 2024-07-23 22:06Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. By providing a malicious value this buffer can be undersized and subsequently can be overflowed leading to arbitrary code execution under the context of the user running QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists when the application parses a malformed .PICT image. While decoding a tag 0x77 in the image, the application misuses a 16-bit length when allocating tag data. When copying tag data into this buffer, a heap overflow occurs. This can lead to code execution under the context of the current user. The QuickDraw component of Apple Mac OS X is prone to a memory-corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a specially crafted PICT image file. A successful exploit will allow arbitrary attacker-supplied code to run in the context of the victim running the affected application. NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. The way PICT graphics are handled has an integer underflow that can lead to a heap overflow, and opening a malicious PICT graphic could lead to unexpected application termination or arbitrary code execution. ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-021 May 13, 2009
-- CVE ID: CVE-2009-0010
-- Affected Vendors: Apple
-- Affected Products: Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8048.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3549
-- Disclosure Timeline: 2009-04-15 - Vulnerability reported to vendor 2009-05-13 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * Damian Put, Sebastian Apelt
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200905-0043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.6"
},
{
"model": "quicktime",
"scope": null,
"trust": 1.4,
"vendor": "apple",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5 to v10.5.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5 to v10.5.6"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.0"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"db": "BID",
"id": "34937"
},
{
"db": "BID",
"id": "34938"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-163"
},
{
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Apelt (sebastian.apelt@siberas.de)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-030"
}
],
"trust": 0.7
},
"cve": "CVE-2009-0010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-0010",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-37456",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0010",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200905-163",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-37456",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37456"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-163"
},
{
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. By providing a malicious value this buffer can be undersized and subsequently can be overflowed leading to arbitrary code execution under the context of the user running QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists when the application parses a malformed .PICT image. While decoding a tag 0x77 in the image, the application misuses a 16-bit length when allocating tag data. When copying tag data into this buffer, a heap overflow occurs. This can lead to code execution under the context of the current user. The QuickDraw component of Apple Mac OS X is prone to a memory-corruption vulnerability. \nAn attacker can exploit this issue by tricking a victim into opening a specially crafted PICT image file. A successful exploit will allow arbitrary attacker-supplied code to run in the context of the victim running the affected application. \nNOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. The way PICT graphics are handled has an integer underflow that can lead to a heap overflow, and opening a malicious PICT graphic could lead to unexpected application termination or arbitrary code execution. ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-021\nMay 13, 2009\n\n-- CVE ID:\nCVE-2009-0010\n\n-- Affected Vendors:\nApple\n\n-- Affected Products:\nApple Quicktime\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 8048. \n\n\n-- Vendor Response:\nApple has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://support.apple.com/kb/HT3549\n\n-- Disclosure Timeline:\n2009-04-15 - Vulnerability reported to vendor\n2009-05-13 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n * Damian Put, Sebastian Apelt\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0010"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"db": "BID",
"id": "34937"
},
{
"db": "BID",
"id": "34938"
},
{
"db": "VULHUB",
"id": "VHN-37456"
},
{
"db": "PACKETSTORM",
"id": "77915"
},
{
"db": "PACKETSTORM",
"id": "78025"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-37456",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37456"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0010",
"trust": 4.7
},
{
"db": "ZDI",
"id": "ZDI-09-021",
"trust": 2.8
},
{
"db": "BID",
"id": "34938",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "35074",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "35091",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2009-1297",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2009-1407",
"trust": 2.5
},
{
"db": "USCERT",
"id": "TA09-133A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022209",
"trust": 2.5
},
{
"db": "BID",
"id": "34926",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-09-030",
"trust": 1.1
},
{
"db": "USCERT",
"id": "SA09-133A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-413",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-470",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200905-163",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2009-05-12",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2009-06-01-1",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090527 ZDI-09-021: APPLE QUICKTIME PICT UNSPECIFIED TAG HEAP OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA09-133A",
"trust": 0.6
},
{
"db": "BID",
"id": "34937",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "78025",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "77915",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-37456",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"db": "VULHUB",
"id": "VHN-37456"
},
{
"db": "BID",
"id": "34937"
},
{
"db": "BID",
"id": "34938"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"db": "PACKETSTORM",
"id": "77915"
},
{
"db": "PACKETSTORM",
"id": "78025"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-163"
},
{
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"id": "VAR-200905-0043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-37456"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:06:10.145000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3591",
"trust": 1.5,
"url": "http://support.apple.com/kb/ht3591"
},
{
"title": "HT3549",
"trust": 1.5,
"url": "http://support.apple.com/kb/ht3549"
},
{
"title": "HT3591",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3591?viewlocale=ja_jp"
},
{
"title": "HT3549",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3549?viewlocale=ja_jp"
},
{
"title": "TA09-133A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-133a.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37456"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://support.apple.com/kb/ht3591"
},
{
"trust": 2.5,
"url": "http://support.apple.com/kb/ht3549"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/34938"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-133a.html"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022209"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/35074"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/35091"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2009/1407"
},
{
"trust": 2.0,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-021/"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-021"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2009/may/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/34926"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/exploits/apple_quicktime_pict_poly_tag_parsing_heap_overflow_poc_exploit_1407144.php"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/503878/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0010"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-133a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-12"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0010"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa09-133a.html"
},
{
"trust": 0.6,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/503878/100/0/threaded"
},
{
"trust": 0.3,
"url": "/archive/1/503878"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-030/"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0010"
},
{
"trust": 0.2,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-030"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"db": "VULHUB",
"id": "VHN-37456"
},
{
"db": "BID",
"id": "34937"
},
{
"db": "BID",
"id": "34938"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"db": "PACKETSTORM",
"id": "77915"
},
{
"db": "PACKETSTORM",
"id": "78025"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-163"
},
{
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"db": "VULHUB",
"id": "VHN-37456"
},
{
"db": "BID",
"id": "34937"
},
{
"db": "BID",
"id": "34938"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"db": "PACKETSTORM",
"id": "77915"
},
{
"db": "PACKETSTORM",
"id": "78025"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-163"
},
{
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-02T00:00:00",
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"date": "2009-05-13T00:00:00",
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"date": "2009-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-37456"
},
{
"date": "2009-05-12T00:00:00",
"db": "BID",
"id": "34937"
},
{
"date": "2009-05-12T00:00:00",
"db": "BID",
"id": "34938"
},
{
"date": "2009-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"date": "2009-05-29T00:23:10",
"db": "PACKETSTORM",
"id": "77915"
},
{
"date": "2009-06-03T03:52:59",
"db": "PACKETSTORM",
"id": "78025"
},
{
"date": "2009-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-163"
},
{
"date": "2009-05-13T15:30:00.233000",
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-02T00:00:00",
"db": "ZDI",
"id": "ZDI-09-030"
},
{
"date": "2009-05-13T00:00:00",
"db": "ZDI",
"id": "ZDI-09-021"
},
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-37456"
},
{
"date": "2015-05-07T18:19:00",
"db": "BID",
"id": "34937"
},
{
"date": "2009-06-11T22:09:00",
"db": "BID",
"id": "34938"
},
{
"date": "2009-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001331"
},
{
"date": "2009-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-163"
},
{
"date": "2018-10-11T20:58:40.320000",
"db": "NVD",
"id": "CVE-2009-0010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "77915"
},
{
"db": "PACKETSTORM",
"id": "78025"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-163"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of QuickDraw Manager and Apple QuickTime Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-163"
}
],
"trust": 0.6
}
}
VAR-200703-0011
Vulnerability from variot - Updated: 2024-07-23 21:56Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0713). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-065A
Apple Releases Security Updates for QuickTime
Original release date: March 06, 2007 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes Database.
II. For further information, please see the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.
On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>
* About the security content of the QuickTime 7.1.5 Update -
<http://docs.info.apple.com/article.html?artnum=305149>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.1.5 for Windows -
<http://www.apple.com/support/downloads/quicktime715forwindows.html>
* Apple QuickTime 7.1.5 for Mac -
<http://www.apple.com/support/downloads/quicktime715formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-065A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 06, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .
1) An integer overflow error exists in the handling of 3GP video files.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the handling of UDTA atoms in movie files.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
SOLUTION: Update to version 7.1.5.
Mac OS X: http://www.apple.com/quicktime/download/mac.html
Windows: http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149
Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22843"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-195"
},
{
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-195"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0713",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0713",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-24075",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0713",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-195",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-24075",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24075"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-195"
},
{
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. (CVE-2007-0713). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n Original release date: March 06, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n could exploit these vulnerabilities by convincing a user to access a\n specially crafted image or media file with a vulnerable version of\n QuickTime. Since QuickTime configures most web browsers to handle\n QuickTime media files, an attacker could exploit these vulnerabilities\n using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes\n Database. \n\n\nII. For further information, please see the Vulnerability Notes\n Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n available via Apple Update. \n\n On Microsoft Windows the QuickTime built-in auto-update mechanism may\n not detect this release. Instead, Windows users should check for\n updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading a\n user to access a specially crafted file with a web browser. Disabling\n QuickTime in your web browser will defend against this attack vector. \n For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.5 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n * About the security content of the QuickTime 7.1.5 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n * Apple QuickTime 7.1.5 for Windows -\n \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n * Apple QuickTime 7.1.5 for Mac -\n \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n2) A boundary error in the handling of MIDI files can be exploited to\ncause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n5) A boundary error in the handling of PICT files can be exploited to\ncause a heap-based buffer overflow. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0713"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22843"
},
{
"db": "VULHUB",
"id": "VHN-24075"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
}
],
"trust": 8.19
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 9.0
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "BID",
"id": "22843",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2007-0713",
"trust": 3.1
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.9
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "XF",
"id": "32817",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 1.1
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000193",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-195",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070306 APPLE QUICKTIME PLAYER REMOTE HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54941",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54850",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24075"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22843"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-195"
},
{
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"id": "VAR-200703-0011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24075"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:56:58.629000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000193"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.5,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.5,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 3.3,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 3.0,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 2.6,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32817"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
},
{
"trust": 0.9,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0713"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0713"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/461983/100/0/threaded"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "/archive/1/461983"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/win.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/mac.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24075"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22843"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-195"
},
{
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24075"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22843"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-195"
},
{
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24075"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-06T00:00:00",
"db": "BID",
"id": "22843"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"date": "2007-03-09T00:22:35",
"db": "PACKETSTORM",
"id": "54941"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54850"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-195"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-24075"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-06T20:35:00",
"db": "BID",
"id": "22843"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000193"
},
{
"date": "2007-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-195"
},
{
"date": "2018-10-16T16:33:53.887000",
"db": "NVD",
"id": "CVE-2007-0713"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-195"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22843"
}
],
"trust": 0.6
}
}
VAR-200703-0012
Vulnerability from variot - Updated: 2024-07-23 21:56Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation results in code execution under the context of the running user. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-010.html March 7, 2007
-- CVE ID: CVE-2007-0714
-- Affected Vendor: Apple
-- Affected Products: Quicktime Player 7.1
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since May 23, 2006 by the pre-existing Digital Vaccine protection filter ID 4411.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at:
http://docs.info.apple.com/article.html?artnum=61798
-- Disclosure Timeline: 2006.05.23 - Pre-existing Digital Vaccine released to TippingPoint customers 2006.08.14 - Vulnerability reported to vendor 2007.03.07 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Apple QuickTime udta ATOM Integer Overflow
By Sowhat of Nevis Labs Date: 2007.03.06
http://www.nevisnetworks.com http://secway.org/advisory/AD20070306.txt http://secway.org/advisory/AD20060512.txt
CVE: CVE-2007-0714
Vendor: Apple Inc.
The CVE-2006-1460 does not patch the root cause of this vulnerability.
The layout of a udta(user data atom) atom:
Bytes
| User data atom | | Atom size | 4 | Type = 'udta' | 4 | | | User data list | | Atom size | 4 | Type = user data types| 4 | |
By setting the value of the Atom size to a large value such as 0xFFFFFFFF, an insufficiently-sized heap block will be allocated, and resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function.
Vendor Response:
2006.05.06 Vendor notified via product-security@apple.com 2006.05.07 Vendor responded 2006.05.09 Vendor ask for more information 2006.05.11 Vendor released QuickTime 7.1, the code path was influenced, but the root cause was not fixed. 2007.03.06 Vendor released the fixed version 2007.03.06 Advisory release
Reference: 1. http://developer.apple.com/documentation/QuickTime/QTFF/index.html 2. http://docs.info.apple.com/article.html?artnum=305149 3. http://secway.org/advisory/AD20060512.txt
-- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 5.6,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:mac:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-010"
}
],
"trust": 0.7
},
"cve": "CVE-2007-0714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0714",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-24076",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0714",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-168",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-24076",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation results in code execution under the context of the running user. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-010.html\nMarch 7, 2007\n\n-- CVE ID:\nCVE-2007-0714\n\n-- Affected Vendor:\nApple\n\n-- Affected Products:\nQuicktime Player 7.1\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since May 23, 2006 by the pre-existing Digital Vaccine\nprotection filter ID 4411. \n\n-- Vendor Response:\nApple has issued an update to correct this vulnerability. More details\ncan be found at:\n\nhttp://docs.info.apple.com/article.html?artnum=61798\n\n-- Disclosure Timeline:\n2006.05.23 - Pre-existing Digital Vaccine released to TippingPoint \ncustomers\n2006.08.14 - Vulnerability reported to vendor\n2007.03.07 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by an anonymous researcher. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. Apple QuickTime udta ATOM Integer Overflow\n\n\nBy Sowhat of Nevis Labs\nDate: 2007.03.06\n\n\nhttp://www.nevisnetworks.com\nhttp://secway.org/advisory/AD20070306.txt\nhttp://secway.org/advisory/AD20060512.txt\n\nCVE:\tCVE-2007-0714\n\nVendor:\nApple Inc. \n\nThe CVE-2006-1460 does not patch the root cause of this vulnerability. \n\nThe layout of a udta(user data atom) atom:\n\n Bytes\n _______________________\t\t\t\t\t\t\t\t\t\t\t\n | User data atom |\n | Atom size | 4\n | Type = \u0027udta\u0027 | 4\n | |\n | User data list |\n | Atom size | 4\n | Type = user data types| 4\n | |\n -----------------------\n\n\n\nBy setting the value of the Atom size to a large value such as 0xFFFFFFFF,\nan insufficiently-sized heap block will be allocated, and resulting in a\nclassic complete heap memory overwrite during the RtlAllocateHeap() function. \n\n\n\n\nVendor Response:\n\n2006.05.06\tVendor notified via product-security@apple.com\n2006.05.07\tVendor responded\n2006.05.09\tVendor ask for more information\n2006.05.11\tVendor released QuickTime 7.1, the code path was\ninfluenced, but the root cause was not fixed. \n2007.03.06\tVendor released the fixed version\n2007.03.06\tAdvisory release\n\n\n\nReference:\n1. http://developer.apple.com/documentation/QuickTime/QTFF/index.html\n2. http://docs.info.apple.com/article.html?artnum=305149\n3. http://secway.org/advisory/AD20060512.txt\n\n\n\n\n\n\n-- \nSowhat\nhttp://secway.org\n\"Life is like a bug, Do you know how to exploit it ?\"\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0714"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
}
],
"trust": 8.1
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-24076",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24076"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 8.4
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 8.1
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 7.3
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 5.6
},
{
"db": "NVD",
"id": "CVE-2007-0714",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 3.3
},
{
"db": "BID",
"id": "22844",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33902",
"trust": 1.7
},
{
"db": "XF",
"id": "32819",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-093",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070307 ZDI-07-010: APPLE QUICKTIME UDTA PARSING HEAP OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070306 APPLE QUICKTIME UDTA ATOM INTEGER OVERFLOW",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20070306 APPLE QUICKTIME UDTA ATOM INTEGER OVERFLOW",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "54955",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "54935",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-24076",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"id": "VAR-200703-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24076"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:56:37.438000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.1,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 7.7,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 5.6,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 5.6,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 5.6,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 4.8,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 3.0,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.6,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 2.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0003.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33902"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32819"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/461999/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/462153/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32819"
},
{
"trust": 0.9,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.9,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0714"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0714"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/462153/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/461999/100/0/threaded"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.3,
"url": "/archive/1/461999"
},
{
"trust": 0.3,
"url": "/archive/1/462153"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0714"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://secway.org"
},
{
"trust": 0.1,
"url": "http://www.nevisnetworks.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24076"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-06T00:00:00",
"db": "BID",
"id": "22844"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"date": "2007-03-09T02:32:27",
"db": "PACKETSTORM",
"id": "54955"
},
{
"date": "2007-03-08T23:35:46",
"db": "PACKETSTORM",
"id": "54935"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-24076"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-07T20:05:00",
"db": "BID",
"id": "22844"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"date": "2013-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"date": "2018-10-30T16:25:17.370000",
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Quicktime UDTA ATOM Integer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "22844"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
}
],
"trust": 0.6
}
}
VAR-200609-0315
Vulnerability from variot - Updated: 2024-07-23 21:53Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. (CVE-2006-4380)
There is a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart beahvior during updates, as well as scripted setups that temporarily stopped the server to backup the database files. (Bug #15724)
The Corporate 3 and MNF2 products are not affected by these issues.
Packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 http://qa.mandriva.com/show_bug.cgi?id=15724
Updated Packages:
Mandriva Linux 2006.0: 493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm 49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm 94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm 445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm 0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm 064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm 6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm 7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64: d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm 9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm 9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm 3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm 4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/ 1ejA4Amd8JfkWa7DQPpj2Mg= =aSz3 -----END PGP SIGNATURE-----
. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.
The risk rating for these issues is medium.
- Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below
- Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.
- Resolution
Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at: http://docs.info.apple.com/article.html?artnum=304357
- Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert Labs.
- Legal Notice
Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-08
http://security.gentoo.org/
Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Win32 binary codecs provide support for video and audio playback.
Workaround
There is no known workaround at this time.
Resolution
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com\u203bRuben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4389",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-159",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20497",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. (CVE-2006-4380)\n \n There is a bug in the MySQL-Max (and MySQL) init script where the \n script was not waiting for the mysqld daemon to fully stop. This \n impacted the restart beahvior during updates, as well as scripted\n setups that temporarily stopped the server to backup the database\n files. (Bug #15724)\n \n The Corporate 3 and MNF2 products are not affected by these issues. \n \n Packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n http://qa.mandriva.com/show_bug.cgi?id=15724\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm\n 49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm\n 94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm\n 445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm\n 0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm\n 064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm\n 6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm\n 7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm\n d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm\n 9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm\n cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm\n f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm\n 9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm\n 3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm\n c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm\n 4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm\n d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/\n1ejA4Amd8JfkWa7DQPpj2Mg=\n=aSz3\n-----END PGP SIGNATURE-----\n\n. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4384\n\nOn heap overflow vulnerability is present in QuickTime FLC format\nsupport. \n\nCVE-2006-4385\n\nOne buffer overflow vulnerability is present in QuickTime SGI format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4388\n\nOne buffer overflow vulnerability is present in QuickTime FlashPix (FPX)\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows. \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \n\n_________________________________________________\n\n\n*\tLegal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries. All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Win32 binary codecs: Multiple vulnerabilities\n Date: March 04, 2008\n Bugs: #150288\n ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n [ 1 ] CVE-2006-4382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n [ 2 ] CVE-2006-4384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n [ 3 ] CVE-2006-4385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n [ 4 ] CVE-2006-4386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n [ 5 ] CVE-2006-4388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n [ 6 ] CVE-2006-4389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n [ 7 ] CVE-2007-4674\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n [ 8 ] CVE-2007-6166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.7 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e\nVpxOGmsa3V34PILWdYXqoXE=\n=70De\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4389"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-4389",
"trust": 3.1
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "28769",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29182",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1554",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA06-256A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
"trust": 0.6
},
{
"db": "XF",
"id": "28938",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200803-08",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49698",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-20497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64267",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"id": "VAR-200609-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20497"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:53:10.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT1338",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1338?viewlocale=ja_jp"
},
{
"title": "TA24355",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta24355?viewlocale=ja_jp"
},
{
"title": "HT1222",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1222?viewlocale=ja_jp"
},
{
"title": "QuickTime 7.1.3 Update \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b3\u30f3\u30c6\u30f3\u30c4\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime713.html"
},
{
"title": "QuickTime - \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 QuickTime Player \u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u7248\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/"
},
{
"title": "TA06-256A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-256a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 3.3,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 2.4,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 2.4,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28769"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29182"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1554"
},
{
"trust": 1.1,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28938"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4382"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-256a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4382"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4386"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20060913_173644.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28938"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
},
{
"trust": 0.1,
"url": "http://qa.mandriva.com/show_bug.cgi?id=15724"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20497"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49698"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20497"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-07T06:30:54",
"db": "PACKETSTORM",
"id": "49698"
},
{
"date": "2006-09-14T07:22:52",
"db": "PACKETSTORM",
"id": "50015"
},
{
"date": "2008-03-04T22:49:07",
"db": "PACKETSTORM",
"id": "64267"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20497"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-159"
},
{
"date": "2018-10-17T21:36:55.430000",
"db": "NVD",
"id": "CVE-2006-4389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle SGI images",
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-159"
}
],
"trust": 0.6
}
}
VAR-200703-0009
Vulnerability from variot - Updated: 2024-07-23 21:43Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. If a user is tricked into opening a malicious movie, this overflow could be triggered, resulting in a denial of service or arbitrary code execution. (CVE-2007-0711). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-065A
Apple Releases Security Updates for QuickTime
Original release date: March 06, 2007 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes Database.
II. For further information, please see the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.
On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>
* About the security content of the QuickTime 7.1.5 Update -
<http://docs.info.apple.com/article.html?artnum=305149>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.1.5 for Windows -
<http://www.apple.com/support/downloads/quicktime715forwindows.html>
* Apple QuickTime 7.1.5 for Mac -
<http://www.apple.com/support/downloads/quicktime715formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-065A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 06, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24359
VERIFY ADVISORY: http://secunia.com/advisories/24359/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the handling of UDTA atoms in movie files.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
SOLUTION: Update to version 7.1.5.
Mac OS X: http://www.apple.com/quicktime/download/mac.html
Windows: http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149
Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.4 (windows edition only )"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
},
{
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0711",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-24073",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0711",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-173",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-24073",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24073"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
},
{
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. If a user is tricked into opening a malicious movie, this overflow could be triggered, resulting in a denial of service or arbitrary code execution. (CVE-2007-0711). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n Original release date: March 06, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n could exploit these vulnerabilities by convincing a user to access a\n specially crafted image or media file with a vulnerable version of\n QuickTime. Since QuickTime configures most web browsers to handle\n QuickTime media files, an attacker could exploit these vulnerabilities\n using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes\n Database. \n\n\nII. For further information, please see the Vulnerability Notes\n Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n available via Apple Update. \n\n On Microsoft Windows the QuickTime built-in auto-update mechanism may\n not detect this release. Instead, Windows users should check for\n updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading a\n user to access a specially crafted file with a web browser. Disabling\n QuickTime in your web browser will defend against this attack vector. \n For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.5 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n * About the security content of the QuickTime 7.1.5 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n * Apple QuickTime 7.1.5 for Windows -\n \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n * Apple QuickTime 7.1.5 for Mac -\n \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24359\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24359/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which\npotentially can be exploited by malicious people to compromise a\nuser\u0027s system. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n2) A boundary error in the handling of MIDI files can be exploited to\ncause a heap-based buffer overflow. \n\n3) A boundary error in the handling of QuickTime movie files can be\nexploited to cause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n5) A boundary error in the handling of PICT files can be exploited to\ncause a heap-based buffer overflow. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0711"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "VULHUB",
"id": "VHN-24073"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
}
],
"trust": 7.92
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 9.0
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2007-0711",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33905",
"trust": 1.7
},
{
"db": "XF",
"id": "32814",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000191",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-173",
"trust": 0.7
},
{
"db": "XF",
"id": "3",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24073",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54941",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54850",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24073"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
},
{
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"id": "VAR-200703-0009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24073"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:43:33.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24073"
},
{
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.2,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.5,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 2.7,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33905"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32814"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32814"
},
{
"trust": 0.9,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.9,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0711"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0711"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/win.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/mac.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24073"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
},
{
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24073"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
},
{
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24073"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"date": "2007-03-09T00:22:35",
"db": "PACKETSTORM",
"id": "54941"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54850"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-173"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-24073"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000191"
},
{
"date": "2009-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-173"
},
{
"date": "2018-10-30T16:25:17.370000",
"db": "NVD",
"id": "CVE-2007-0711"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-173"
}
],
"trust": 0.6
}
}
VAR-200609-0310
Vulnerability from variot - Updated: 2024-07-23 21:42Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.
The risk rating for these issues is medium.
- Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below
- Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.
- Resolution
Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at: http://docs.info.apple.com/article.html?artnum=304357
- Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert Labs.
- Legal Notice
Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-08
http://security.gentoo.org/
Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Win32 binary codecs provide support for video and audio playback.
Workaround
There is no known workaround at this time.
Resolution
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0310",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
},
{
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania\u203b bania.piotr@gmail.com\u203bRuben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4382",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20490",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4382",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-157",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20490",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20490"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
},
{
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4384\n\nOn heap overflow vulnerability is present in QuickTime FLC format\nsupport. \n\nCVE-2006-4385\n\nOne buffer overflow vulnerability is present in QuickTime SGI format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4388\n\nOne buffer overflow vulnerability is present in QuickTime FlashPix (FPX)\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows. \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \n\n_________________________________________________\n\n\n*\tLegal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries. All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Win32 binary codecs: Multiple vulnerabilities\n Date: March 04, 2008\n Bugs: #150288\n ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n [ 1 ] CVE-2006-4382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n [ 2 ] CVE-2006-4384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n [ 3 ] CVE-2006-4385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n [ 4 ] CVE-2006-4386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n [ 5 ] CVE-2006-4388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n [ 6 ] CVE-2006-4389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n [ 7 ] CVE-2007-4674\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n [ 8 ] CVE-2007-6166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.7 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e\nVpxOGmsa3V34PILWdYXqoXE=\n=70De\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4382"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20490"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
}
],
"trust": 5.76
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-4382",
"trust": 3.0
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29182",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28772",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1554",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-157",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
"trust": 0.6
},
{
"db": "XF",
"id": "28929",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-256A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200803-08",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "50015",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "64267",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-20490",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20490"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
},
{
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"id": "VAR-200609-0310",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20490"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:42:44.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT1338",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1338?viewlocale=ja_jp"
},
{
"title": "TA24355",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta24355?viewlocale=ja_jp"
},
{
"title": "HT1222",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1222?viewlocale=ja_jp"
},
{
"title": "QuickTime 7.1.3 Update \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b3\u30f3\u30c6\u30f3\u30c4\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime713.html"
},
{
"title": "QuickTime - \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 QuickTime Player \u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u7248\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/"
},
{
"title": "TA06-256A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-256a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 3.3,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 2.4,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 2.4,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28772"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29182"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1554"
},
{
"trust": 1.1,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28929"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4382"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-256a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4382"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4386"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20060913_173644.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28929"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20490"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
},
{
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20490"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
},
{
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20490"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-14T07:22:52",
"db": "PACKETSTORM",
"id": "50015"
},
{
"date": "2008-03-04T22:49:07",
"db": "PACKETSTORM",
"id": "64267"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-157"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20490"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-157"
},
{
"date": "2018-10-17T21:36:49.807000",
"db": "NVD",
"id": "CVE-2006-4382"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle SGI images",
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-157"
}
],
"trust": 0.6
}
}
VAR-200703-0018
Vulnerability from variot - Updated: 2024-07-23 21:41Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0717). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-065A
Apple Releases Security Updates for QuickTime
Original release date: March 06, 2007 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes Database.
II. For further information, please see the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.
On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>
* About the security content of the QuickTime 7.1.5 Update -
<http://docs.info.apple.com/article.html?artnum=305149>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.1.5 for Windows -
<http://www.apple.com/support/downloads/quicktime715forwindows.html>
* Apple QuickTime 7.1.5 for Mac -
<http://www.apple.com/support/downloads/quicktime715formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-065A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 06, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24359
VERIFY ADVISORY: http://secunia.com/advisories/24359/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the handling of UDTA atoms in movie files.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
SOLUTION: Update to version 7.1.5.
Mac OS X: http://www.apple.com/quicktime/download/mac.html
Windows: http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149
Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
},
{
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-24079",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0717",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-174",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-24079",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24079"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
},
{
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. (CVE-2007-0717). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n Original release date: March 06, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n could exploit these vulnerabilities by convincing a user to access a\n specially crafted image or media file with a vulnerable version of\n QuickTime. Since QuickTime configures most web browsers to handle\n QuickTime media files, an attacker could exploit these vulnerabilities\n using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes\n Database. \n\n\nII. For further information, please see the Vulnerability Notes\n Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n available via Apple Update. \n\n On Microsoft Windows the QuickTime built-in auto-update mechanism may\n not detect this release. Instead, Windows users should check for\n updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading a\n user to access a specially crafted file with a web browser. Disabling\n QuickTime in your web browser will defend against this attack vector. \n For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.5 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n * About the security content of the QuickTime 7.1.5 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n * Apple QuickTime 7.1.5 for Windows -\n \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n * Apple QuickTime 7.1.5 for Mac -\n \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24359\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24359/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which\npotentially can be exploited by malicious people to compromise a\nuser\u0027s system. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n2) A boundary error in the handling of MIDI files can be exploited to\ncause a heap-based buffer overflow. \n\n3) A boundary error in the handling of QuickTime movie files can be\nexploited to cause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n5) A boundary error in the handling of PICT files can be exploited to\ncause a heap-based buffer overflow. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0717"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "VULHUB",
"id": "VHN-24079"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
}
],
"trust": 7.92
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 9.0
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2007-0717",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33899",
"trust": 1.7
},
{
"db": "XF",
"id": "32823",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000197",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24079",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54941",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54850",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24079"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
},
{
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"id": "VAR-200703-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24079"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:41:31.383000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.2,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.5,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 2.7,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33899"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32823"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32823"
},
{
"trust": 0.9,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.9,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0717"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0717"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/win.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/mac.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24079"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
},
{
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24079"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
},
{
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24079"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"date": "2007-03-09T00:22:35",
"db": "PACKETSTORM",
"id": "54941"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54850"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-174"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-24079"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000197"
},
{
"date": "2007-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-174"
},
{
"date": "2017-07-29T01:30:21.970000",
"db": "NVD",
"id": "CVE-2007-0717"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "22827"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-174"
}
],
"trust": 0.9
}
}
VAR-200609-0312
Vulnerability from variot - Updated: 2024-07-23 21:27Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.
The risk rating for these issues is medium.
- Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below
- Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.
- Resolution
Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at: http://docs.info.apple.com/article.html?artnum=304357
- Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert Labs.
- Legal Notice
Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs .
I. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
For more information, please refer to the Vulnerability Notes.
II. For further information, please see the Vulnerability Notes.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.3.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document. Please send email to cert@cert.org with "TA06-256A Feedback VU#540348" in the subject.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
September 13, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO 8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s FzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa m19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE pZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG R59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg== =nQVd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-08
http://security.gentoo.org/
Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Win32 binary codecs provide support for video and audio playback.
Workaround
There is no known workaround at this time.
Resolution
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
},
{
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com Ruben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20493",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4385",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20493",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20493"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
},
{
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4384\n\nOn heap overflow vulnerability is present in QuickTime FLC format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4388\n\nOne buffer overflow vulnerability is present in QuickTime FlashPix (FPX)\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows. \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \n\n_________________________________________________\n\n\n*\tLegal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries. All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. \n\n\nI. Since QuickTime configures most web browsers to\n handle QuickTime media files, an attacker could exploit these\n vulnerabilities using a web page. \n\n For more information, please refer to the Vulnerability Notes. \n\n\nII. For further information, please see\n the Vulnerability Notes. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.3. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading\n a user to access a specially crafted file with a web\n browser. Disabling QuickTime in your web browser will defend\n against this attack vector. For more information, refer to the\n Securing Your Web Browser document. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-256A Feedback VU#540348\" in the\n subject. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n \n\n Revision History\n\n September 13, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO\n8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s\nFzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa\nm19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE\npZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG\nR59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg==\n=nQVd\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Win32 binary codecs: Multiple vulnerabilities\n Date: March 04, 2008\n Bugs: #150288\n ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n [ 1 ] CVE-2006-4382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n [ 2 ] CVE-2006-4384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n [ 3 ] CVE-2006-4385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n [ 4 ] CVE-2006-4386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n [ 5 ] CVE-2006-4388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n [ 6 ] CVE-2006-4389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n [ 7 ] CVE-2007-4674\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n [ 8 ] CVE-2007-6166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4385"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20493"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2006-4385",
"trust": 3.0
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 1.9
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29182",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1554",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28768",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-172",
"trust": 0.7
},
{
"db": "GENTOO",
"id": "GLSA-200803-08",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
"trust": 0.6
},
{
"db": "XF",
"id": "28932",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-20493",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64267",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20493"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
},
{
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"id": "VAR-200609-0312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20493"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:27:23.266000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT1338",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1338?viewlocale=ja_jp"
},
{
"title": "TA24355",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta24355?viewlocale=ja_jp"
},
{
"title": "HT1222",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1222?viewlocale=ja_jp"
},
{
"title": "QuickTime 7.1.3 Update \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b3\u30f3\u30c6\u30f3\u30c4\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime713.html"
},
{
"title": "QuickTime - \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 QuickTime Player \u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u7248\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/"
},
{
"title": "TA06-256A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-256a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 2.4,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 2.4,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28768"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29182"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1554"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 1.1,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28932"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4382"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-256a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4382"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4386"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20060913_173644.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28932"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304357\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime713.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_713\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20493"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
},
{
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20493"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
},
{
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20493"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-14T07:22:52",
"db": "PACKETSTORM",
"id": "50015"
},
{
"date": "2006-09-14T07:23:59",
"db": "PACKETSTORM",
"id": "50016"
},
{
"date": "2008-03-04T22:49:07",
"db": "PACKETSTORM",
"id": "64267"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-172"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20493"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-172"
},
{
"date": "2018-10-17T21:36:52.197000",
"db": "NVD",
"id": "CVE-2006-4385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle SGI images",
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-172"
}
],
"trust": 0.6
}
}
VAR-200701-0320
Vulnerability from variot - Updated: 2024-07-23 21:20The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. Apple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Quicktime Used in etc. Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files. Successfully exploiting this issue allows remote attackers to corrupt memory and to crash the affected software. Mac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4. QuickDraw is a graphics processing tool bundled in the Apple operating system. A memory corruption vulnerability exists in QuickDraw when parsing PICT graphics with malformed ARGB records. Remote attackers may exploit this vulnerability to perform denial of service attacks on user machines. If the user is tricked into opening a malicious graphics file, this vulnerability will be triggered, destroying the pointer sent to the _GetSrcBits32ARGB function, resulting in a denial of service.
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
TITLE: Mac OS X Mach-O Universal Binary Memory Corruption
SECUNIA ADVISORY ID: SA23088
VERIFY ADVISORY: http://secunia.com/advisories/23088/
CRITICAL: Less critical
IMPACT: DoS, System access
WHERE: Local system
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: LMH has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
The vulnerability is caused due to an error in the fatfile_getarch2() function. This can be exploited to cause an integer overflow and may potentially allow execution of arbitrary code with kernel privileges via a specially crafted Mach-O Universal binary.
The vulnerability is reported in a fully patched Mac OS X (2006-11-26). Other versions may also be affected.
SOLUTION: Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY: LMH
ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-26-11-2006.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200701-0320",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.8"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "mac os x",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396820"
},
{
"db": "BID",
"id": "22228"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
},
{
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tom Ferris tommy@security-protocols.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0588",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0588",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-23950",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0588",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#396820",
"trust": 0.8,
"value": "5.10"
},
{
"author": "CNNVD",
"id": "CNNVD-200701-538",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-23950",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396820"
},
{
"db": "VULHUB",
"id": "VHN-23950"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
},
{
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. Apple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Quicktime Used in etc. Mac OS X QuickDraw is prone to a remote memory-corruption vulnerability because the software fails to properly handle malformed PICT image files. \nSuccessfully exploiting this issue allows remote attackers to corrupt memory and to crash the affected software. \nMac OS X 10.4.8 is vulnerable to this issue; other versions are also likely affected, since the vulnerable component has been included in Apple operating systems since System 6.0.4. QuickDraw is a graphics processing tool bundled in the Apple operating system. A memory corruption vulnerability exists in QuickDraw when parsing PICT graphics with malformed ARGB records. Remote attackers may exploit this vulnerability to perform denial of service attacks on user machines. If the user is tricked into opening a malicious graphics file, this vulnerability will be triggered, destroying the pointer sent to the _GetSrcBits32ARGB function, resulting in a denial of service. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Mach-O Universal Binary Memory Corruption\n\nSECUNIA ADVISORY ID:\nSA23088\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23088/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\nLocal system\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nLMH has reported a vulnerability in Mac OS X, which can be exploited\nby malicious, local users to cause a DoS (Denial of Service) or\npotentially gain escalated privileges. \n\nThe vulnerability is caused due to an error in the fatfile_getarch2()\nfunction. This can be exploited to cause an integer overflow and may\npotentially allow execution of arbitrary code with kernel privileges\nvia a specially crafted Mach-O Universal binary. \n\nThe vulnerability is reported in a fully patched Mac OS X\n(2006-11-26). Other versions may also be affected. \n\nSOLUTION:\nGrant only trusted users access to affected systems. \n\nPROVIDED AND/OR DISCOVERED BY:\nLMH\n\nORIGINAL ADVISORY:\nhttp://projects.info-pull.com/mokb/MOKB-26-11-2006.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0588"
},
{
"db": "CERT/CC",
"id": "VU#396820"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"db": "BID",
"id": "22228"
},
{
"db": "VULHUB",
"id": "VHN-23950"
},
{
"db": "PACKETSTORM",
"id": "52529"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#396820",
"trust": 3.6
},
{
"db": "BID",
"id": "22228",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2007-0588",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1017760",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "24479",
"trust": 2.5
},
{
"db": "USCERT",
"id": "TA07-072A",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2007-0930",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33365",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001468",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200701-538",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-13",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA07-072A",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-23950",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "23088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52529",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396820"
},
{
"db": "VULHUB",
"id": "VHN-23950"
},
{
"db": "BID",
"id": "22228"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"db": "PACKETSTORM",
"id": "52529"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
},
{
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"id": "VAR-200701-0320",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23950"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:20:06.280000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2007-03-13",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001468"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/396820"
},
{
"trust": 2.5,
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/22228"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-072a.html"
},
{
"trust": 2.0,
"url": "http://security-protocols.com/sp-x43-advisory.php"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/33365"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1017760"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24479"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/24479/"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/quickdraw"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2007/mar/1017760.html"
},
{
"trust": 0.8,
"url": "http://www.sans.org/newsletters/risk/display.php?v=6\u0026i=5#widely6"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0588"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0588"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0930"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://projects.info-pull.com/mokb/mokb-26-11-2006.html"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/products/48/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23088/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396820"
},
{
"db": "VULHUB",
"id": "VHN-23950"
},
{
"db": "BID",
"id": "22228"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"db": "PACKETSTORM",
"id": "52529"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
},
{
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#396820"
},
{
"db": "VULHUB",
"id": "VHN-23950"
},
{
"db": "BID",
"id": "22228"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"db": "PACKETSTORM",
"id": "52529"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
},
{
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#396820"
},
{
"date": "2007-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-23950"
},
{
"date": "2007-01-25T00:00:00",
"db": "BID",
"id": "22228"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"date": "2006-11-28T00:52:20",
"db": "PACKETSTORM",
"id": "52529"
},
{
"date": "2007-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-538"
},
{
"date": "2007-01-30T18:28:00",
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-20T00:00:00",
"db": "CERT/CC",
"id": "VU#396820"
},
{
"date": "2013-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-23950"
},
{
"date": "2007-03-15T03:34:00",
"db": "BID",
"id": "22228"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001468"
},
{
"date": "2007-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-538"
},
{
"date": "2013-08-15T05:21:18.897000",
"db": "NVD",
"id": "CVE-2007-0588"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickDraw Manager heap buffer overflow vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#396820"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "22228"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-538"
}
],
"trust": 0.9
}
}
VAR-201205-0393
Vulnerability from variot - Updated: 2024-07-23 21:01Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the style XML element the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much into a fixed-length buffer on the stack. These issues arise when the application handles specially crafted files. Versions prior to QuickTime 7.7.2 are vulnerable on Windows 7, Vista and XP. This BID is being retired. The following individual records exist to better document the issues: 53584 Apple QuickTime Prior To 7.7.2 '.pict' Files Memory Corruption Vulnerability 53583 Apple QuickTime Prior To 7.7.2 QTVR Files Remote Code Execution Vulnerability 53582 Apple QuickTime Prior To 7.7.2 'sean' Atoms Integer Overflow Vulnerability 53580 Apple QuickTime Prior To 7.7.2 Sorenson Files Buffer Overflow Vulnerability 53579 Apple QuickTime Prior To 7.7.2 RLE Files Buffer Overflow Vulnerability 53578 Apple QuickTime Prior To 7.7.2 File Path Handling Stack Overflow Vulnerability 53577 Apple QuickTime Prior To 7.7.2 QTMovie Objects Stack Overflow Vulnerability 53576 Apple QuickTime Prior To 7.7.2 H.264 Encoded Heap Overflow Vulnerability 53574 Apple QuickTime Prior To 7.7.2 Text Tracks Heap Overflow Vulnerability 53571 Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-095 June 21, 2012
-
-- CVE ID: CVE-2012-0663
-
-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-
-- Affected Vendors:
Apple
- -- Affected Products:
Apple QuickTime
-
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12405.
-
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT1222
-
-- Disclosure Timeline: 2011-10-21 - Vulnerability reported to vendor 2012-06-21 - Coordinated public release of advisory
-
-- Credit: This vulnerability was discovered by:
-
Alexander Gavrun
-
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8
wsBVAwUBT+OLA1VtgMGTo1scAQJI7Qf+OnfYeok9hy6ohcokglQSew5g0w2FfAUP J9Y899T0z94b00bsE7dRG3DADKnvsFkGXmgID94YCwdQL9hJ4MKNZepaBwL+LsdV lv4Wrm+Q7Zoy22EdeuUu1QU4MfrWyKfxxKgrH1Salk7BcWCjXKHh07dDBB0Ep7TG ECd1DAf+yRP6Ax3MKB0CfgRsdNcRtU7jOoZsf199UfCBqQr1wL4vxknXi8bP3mb1 8+2/xJcJ0CiIO7lkeYSxXY+me9ufQiuNLP1H3CgYT75oTdJtdm0lUqmunPiBaNum uOnRPZswFoNuQsKt+GOn7cw8KZR7BJS0akhzDGfQ3hPZFJ0EkCQ6Iw== =xhVI -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
QuickTime 7.7.2 is now available and addresses the following:
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack overflows existed in QuickTime's handling of TeXML files. These issues do not affect OS X systems. CVE-ID CVE-2012-0663 : Alexander Gavrun working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap overflow existed in QuickTime's handling of text tracks. This issue does not affect OS X systems. CVE-ID CVE-2012-0664 : Alexander Gavrun working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of H.264 encoded movie files. CVE-ID CVE-2012-0665 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. CVE-ID CVE-2011-3459 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of audio sample tables. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002. CVE-ID CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of MPEG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002. CVE-ID CVE-2012-0659 : An anonymous researcher working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime plugin's handling of QTMovie objects. This issue does not affect OS X systems. CVE-ID CVE-2012-0666 : CHkr_D591 working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. CVE-ID CVE-2011-3460 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of QTVR movie files. This issue does not affect OS X systems. CVE-ID CVE-2012-0667 : Alin Rad Pop working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of JPEG2000 encoded movie files. This issue does not affect systems prior to OS X Lion. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. CVE-ID CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of Sorenson encoded movie files. This issue does not affect OS X systems. CVE-ID CVE-2012-0669 : Damian Put working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a file in a maliciously crafted path may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in QuickTime's handling of file paths. This issue does not affect OS X systems. CVE-ID CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security Center via Secunia SVCRP
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution Description: An integer underflow existed in QuickTime's handling of audio streams in MPEG files. CVE-ID CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability Research (MSVR)
QuickTime 7.7.2 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: ed569d62b3f8c24ac8e9aec7275f17cbb14d2124
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJPsobhAAoJEPefwLHPlZEwk/sP/0C8iXVhnG481GbA03CMhKXJ XDooIlCG6YeoeJxGfri/vqlzqcHe3R90K6R89z1dKGU2bWGvtITh95E+WKll++7F hHYq6YC+r/o1cP1SjBi6A3swhN57m1nQZRIEnnIm+nBSxaiHA6xdRSUaK4ighLSA jbOVfu/6NPuGSlgWBPKSISDY2FhL0GH0QVLW/piVtMTrxhizlE7dgieipAPoVvRC SW2W0te7ujo2X167f2GS8EwplUkj/yVeScdr/6HjLkAXIQ1B9RNqTeOdyQZjTxay 32xhZTQ+JfSQzY6VSGoF0bqlK39u5UyzySIKS446OxclYI6xGKSFvTN3nBUwERd+ W+E/4k3Ry4OYEkgZ5yltXO8bJvGZtmpLOkq94Vb4w7EaEgJ452J/YjqCEEbmtAKM 0W9g1jt5av5Hv+vQ7rufR1tJ6CqkIDDr0f3qY+W/F8ZtdA8Bkvm9568d3L1Vlbai zy89w39Z1RTPMLccZEhtd+80f75P+R3n88X5czjXYignrUJbxhM/S8meqQB5GUB9 nJvZtWB1wlACHJ/EKUTv6miK20XE1OukRyvW0o7WWplqBj5KFWvRcV0tovfybGY9 EKwmao4Hwmq+ovJBFLZj/TV6MMxsJjS9qVea/yOlzZCy+6dwok38yyMAqy+m2dLT X2aq0dgzK7qjPx0FRyOx =BPXs -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201205-0393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": null,
"trust": 2.8,
"vendor": "apple",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.68.75.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.66.71.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.69.80.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.62.14.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.60.92.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.67.75.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.65.17.80"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.6(1671)"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.7.2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "BID",
"id": "53547"
},
{
"db": "BID",
"id": "53571"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-259"
},
{
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Gavrun",
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "BID",
"id": "53571"
}
],
"trust": 3.1
},
"cve": "CVE-2012-0663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-0663",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 2.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-0663",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-53944",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2012-0663",
"trust": 2.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-0663",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-259",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-53944",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "VULHUB",
"id": "VHN-53944"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-259"
},
{
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the style XML element the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much into a fixed-length buffer on the stack. \nThese issues arise when the application handles specially crafted files. \nVersions prior to QuickTime 7.7.2 are vulnerable on Windows 7, Vista and XP. \nThis BID is being retired. The following individual records exist to better document the issues:\n53584 Apple QuickTime Prior To 7.7.2 \u0027.pict\u0027 Files Memory Corruption Vulnerability\n53583 Apple QuickTime Prior To 7.7.2 QTVR Files Remote Code Execution Vulnerability\n53582 Apple QuickTime Prior To 7.7.2 \u0027sean\u0027 Atoms Integer Overflow Vulnerability\n53580 Apple QuickTime Prior To 7.7.2 Sorenson Files Buffer Overflow Vulnerability\n53579 Apple QuickTime Prior To 7.7.2 RLE Files Buffer Overflow Vulnerability\n53578 Apple QuickTime Prior To 7.7.2 File Path Handling Stack Overflow Vulnerability\n53577 Apple QuickTime Prior To 7.7.2 QTMovie Objects Stack Overflow Vulnerability\n53576 Apple QuickTime Prior To 7.7.2 H.264 Encoded Heap Overflow Vulnerability\n53574 Apple QuickTime Prior To 7.7.2 Text Tracks Heap Overflow Vulnerability\n53571 Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code\nExecution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-095\nJune 21, 2012\n\n- -- CVE ID:\nCVE-2012-0663\n\n- -- CVSS:\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\n\n- -- Affected Vendors:\n\nApple\n\n- -- Affected Products:\n\nApple QuickTime\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 12405. \n\n- -- Vendor Response:\n\nApple has issued an update to correct this vulnerability. More details can\nbe found at:\n\nhttp://support.apple.com/kb/HT1222\n\n\n- -- Disclosure Timeline:\n2011-10-21 - Vulnerability reported to vendor\n2012-06-21 - Coordinated public release of advisory\n\n- -- Credit:\nThis vulnerability was discovered by:\n\n* Alexander Gavrun\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 1950)\nCharset: utf-8\n\nwsBVAwUBT+OLA1VtgMGTo1scAQJI7Qf+OnfYeok9hy6ohcokglQSew5g0w2FfAUP\nJ9Y899T0z94b00bsE7dRG3DADKnvsFkGXmgID94YCwdQL9hJ4MKNZepaBwL+LsdV\nlv4Wrm+Q7Zoy22EdeuUu1QU4MfrWyKfxxKgrH1Salk7BcWCjXKHh07dDBB0Ep7TG\nECd1DAf+yRP6Ax3MKB0CfgRsdNcRtU7jOoZsf199UfCBqQr1wL4vxknXi8bP3mb1\n8+2/xJcJ0CiIO7lkeYSxXY+me9ufQiuNLP1H3CgYT75oTdJtdm0lUqmunPiBaNum\nuOnRPZswFoNuQsKt+GOn7cw8KZR7BJS0akhzDGfQ3hPZFJ0EkCQ6Iw==\n=xhVI\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-05-15-1 QuickTime 7.7.2\n\nQuickTime 7.7.2 is now available and addresses the following:\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple stack overflows existed in QuickTime\u0027s\nhandling of TeXML files. These issues do not affect OS X systems. \nCVE-ID\nCVE-2012-0663 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap overflow existed in QuickTime\u0027s handling of text\ntracks. This issue does not affect OS X systems. \nCVE-ID\nCVE-2012-0664 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of H.264\nencoded movie files. \nCVE-ID\nCVE-2012-0665 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\nan unexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access issue existed in the\nhandling of MP4 encoded files. For OS X Lion systems, this issue is\naddressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this\nissue is addressed in Security Update 2012-001. \nCVE-ID\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An off by one buffer overflow existed in the handling\nof rdrf atoms in QuickTime movie files. For OS X Lion systems, this\nissue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems,\nthis issue is addressed in Security Update 2012-001. \nCVE-ID\nCVE-2011-3459 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file during progressive\ndownload may lead to an unexpected application termination or\narbitrary code execution\nDescription: A buffer overflow existed in the handling of audio\nsample tables. For OS X Lion systems, this issue is addressed in OS X\nLion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in\nSecurity Update 2012-002. \nCVE-ID\nCVE-2012-0658 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted MPEG file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of MPEG\nfiles. For OS X Lion systems, this issue is addressed in OS X Lion\nv10.7.4. For Mac OS X v10.6 systems, this issue is addressed in\nSecurity Update 2012-002. \nCVE-ID\nCVE-2012-0659 : An anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A stack buffer overflow existed in the QuickTime\nplugin\u0027s handling of QTMovie objects. This issue does not affect OS X\nsystems. \nCVE-ID\nCVE-2012-0666 : CHkr_D591 working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Processing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PNG files. \nFor OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. \nFor Mac OS X v10.6 systems, this issue is addressed in Security\nUpdate 2012-001. \nCVE-ID\nCVE-2011-3460 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted QTVR movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of QTVR\nmovie files. This issue does not affect OS X systems. \nCVE-ID\nCVE-2012-0667 : Alin Rad Pop working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A use after free issue existed in the handling of\nJPEG2000 encoded movie files. This issue does not affect systems\nprior to OS X Lion. For OS X Lion systems, this issue is addressed in\nOS X Lion v10.7.4. \nCVE-ID\nCVE-2012-0661 : Damian Put working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of RLE\nencoded movie files. \nCVE-ID\nCVE-2012-0668 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nSorenson encoded movie files. This issue does not affect OS X\nsystems. \nCVE-ID\nCVE-2012-0669 : Damian Put working with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in QuickTime\u0027s handling of\nsean atoms. \nCVE-ID\nCVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted .pict file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.pict files. \nCVE-ID\nCVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the\nQualys Vulnerability \u0026 Malware Research Labs (VMRL)\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Opening a file in a maliciously crafted path may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A stack buffer overflow existed in QuickTime\u0027s handling\nof file paths. This issue does not affect OS X systems. \nCVE-ID\nCVE-2012-0265 : Tielei Wang of Georgia Tech Information Security\nCenter via Secunia SVCRP\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted MPEG file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer underflow existed in QuickTime\u0027s handling of\naudio streams in MPEG files. \nCVE-ID\nCVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability\nResearch (MSVR)\n\n\nQuickTime 7.7.2 may be obtained from the QuickTime Downloads site:\nhttp://www.apple.com/quicktime/download/\n\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: ed569d62b3f8c24ac8e9aec7275f17cbb14d2124\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJPsobhAAoJEPefwLHPlZEwk/sP/0C8iXVhnG481GbA03CMhKXJ\nXDooIlCG6YeoeJxGfri/vqlzqcHe3R90K6R89z1dKGU2bWGvtITh95E+WKll++7F\nhHYq6YC+r/o1cP1SjBi6A3swhN57m1nQZRIEnnIm+nBSxaiHA6xdRSUaK4ighLSA\njbOVfu/6NPuGSlgWBPKSISDY2FhL0GH0QVLW/piVtMTrxhizlE7dgieipAPoVvRC\nSW2W0te7ujo2X167f2GS8EwplUkj/yVeScdr/6HjLkAXIQ1B9RNqTeOdyQZjTxay\n32xhZTQ+JfSQzY6VSGoF0bqlK39u5UyzySIKS446OxclYI6xGKSFvTN3nBUwERd+\nW+E/4k3Ry4OYEkgZ5yltXO8bJvGZtmpLOkq94Vb4w7EaEgJ452J/YjqCEEbmtAKM\n0W9g1jt5av5Hv+vQ7rufR1tJ6CqkIDDr0f3qY+W/F8ZtdA8Bkvm9568d3L1Vlbai\nzy89w39Z1RTPMLccZEhtd+80f75P+R3n88X5czjXYignrUJbxhM/S8meqQB5GUB9\nnJvZtWB1wlACHJ/EKUTv6miK20XE1OukRyvW0o7WWplqBj5KFWvRcV0tovfybGY9\nEKwmao4Hwmq+ovJBFLZj/TV6MMxsJjS9qVea/yOlzZCy+6dwok38yyMAqy+m2dLT\nX2aq0dgzK7qjPx0FRyOx\n=BPXs\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0663"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "BID",
"id": "53547"
},
{
"db": "BID",
"id": "53571"
},
{
"db": "VULHUB",
"id": "VHN-53944"
},
{
"db": "PACKETSTORM",
"id": "114045"
},
{
"db": "PACKETSTORM",
"id": "112789"
},
{
"db": "PACKETSTORM",
"id": "114315"
}
],
"trust": 5.04
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-53944",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53944"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0663",
"trust": 5.9
},
{
"db": "BID",
"id": "53571",
"trust": 1.4
},
{
"db": "ZDI",
"id": "ZDI-12-107",
"trust": 1.1
},
{
"db": "ZDI",
"id": "ZDI-12-095",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1027065",
"trust": 1.1
},
{
"db": "ZDI",
"id": "ZDI-12-109",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-12-108",
"trust": 1.0
},
{
"db": "BID",
"id": "53547",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1367",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1364",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1365",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1363",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201205-259",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2012-05-15-1",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "47447",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19637",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19654",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "114315",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "114045",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-73357",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-88903",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114327",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "19433",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-53944",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112789",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "VULHUB",
"id": "VHN-53944"
},
{
"db": "BID",
"id": "53547"
},
{
"db": "BID",
"id": "53571"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"db": "PACKETSTORM",
"id": "114045"
},
{
"db": "PACKETSTORM",
"id": "112789"
},
{
"db": "PACKETSTORM",
"id": "114315"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-259"
},
{
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"id": "VAR-201205-0393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-53944"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:01:21.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "http://support.apple.com/kb/ht1222"
},
{
"title": "HT5261",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5261"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53944"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/may/msg00005.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5261"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/53571"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16006"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1027065"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0663"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu466700"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0663"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/47447"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53547"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19654"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19637"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-109/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-108/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-107/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-095/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0663"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.2,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.2,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-095"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0658"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3460"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0667"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0669"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3458"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0265"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0664"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-107"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "VULHUB",
"id": "VHN-53944"
},
{
"db": "BID",
"id": "53547"
},
{
"db": "BID",
"id": "53571"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"db": "PACKETSTORM",
"id": "114045"
},
{
"db": "PACKETSTORM",
"id": "112789"
},
{
"db": "PACKETSTORM",
"id": "114315"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-259"
},
{
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"db": "VULHUB",
"id": "VHN-53944"
},
{
"db": "BID",
"id": "53547"
},
{
"db": "BID",
"id": "53571"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"db": "PACKETSTORM",
"id": "114045"
},
{
"db": "PACKETSTORM",
"id": "112789"
},
{
"db": "PACKETSTORM",
"id": "114315"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-259"
},
{
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-28T00:00:00",
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"date": "2012-06-28T00:00:00",
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"date": "2012-06-28T00:00:00",
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"date": "2012-06-21T00:00:00",
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"date": "2012-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-53944"
},
{
"date": "2012-05-15T00:00:00",
"db": "BID",
"id": "53547"
},
{
"date": "2012-05-15T00:00:00",
"db": "BID",
"id": "53571"
},
{
"date": "2012-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"date": "2012-06-22T03:32:50",
"db": "PACKETSTORM",
"id": "114045"
},
{
"date": "2012-05-16T23:16:27",
"db": "PACKETSTORM",
"id": "112789"
},
{
"date": "2012-06-29T02:23:45",
"db": "PACKETSTORM",
"id": "114315"
},
{
"date": "2012-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-259"
},
{
"date": "2012-05-16T10:12:56.990000",
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-28T00:00:00",
"db": "ZDI",
"id": "ZDI-12-109"
},
{
"date": "2012-06-28T00:00:00",
"db": "ZDI",
"id": "ZDI-12-107"
},
{
"date": "2012-06-28T00:00:00",
"db": "ZDI",
"id": "ZDI-12-108"
},
{
"date": "2012-06-21T00:00:00",
"db": "ZDI",
"id": "ZDI-12-095"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-53944"
},
{
"date": "2012-05-16T23:00:00",
"db": "BID",
"id": "53547"
},
{
"date": "2012-06-28T23:10:00",
"db": "BID",
"id": "53571"
},
{
"date": "2012-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002428"
},
{
"date": "2012-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-259"
},
{
"date": "2017-09-19T01:34:41.573000",
"db": "NVD",
"id": "CVE-2012-0663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "114045"
},
{
"db": "PACKETSTORM",
"id": "114315"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-259"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows Run on Apple QuickTime Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002428"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "53547"
},
{
"db": "BID",
"id": "53571"
}
],
"trust": 0.6
}
}
VAR-201110-0332
Vulnerability from variot - Updated: 2024-07-23 20:53Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within how the application parses font names embedded within an atom. When parsing the font name, the application will treat a length from the file as a signed value when copying font data into a buffer. Due to an unsigned promotion, this can be used to write outside the bounds of a buffer which can lead to code execution under the context of the application. The problem occurs when handling a specially crafted movie file. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions. Versions prior to QuickTime 7.7.1 are vulnerable on Windows 7, Vista, and XP. NOTE: This issue was previously discussed in BID 50388 (Apple QuickTime Prior To 7.7.1 Multiple Arbitrary Code Execution Vulnerabilities) but has been given its own record to better document it. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-340 December 7, 2011
-
-- CVE ID: CVE-2011-3248
-
-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-
-- Affected Vendors:
Apple
- -- Affected Products:
Apple Quicktime
-
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11876.
-
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT5016
-
-- Disclosure Timeline: 2011-07-20 - Vulnerability reported to vendor 2011-12-07 - Coordinated public release of advisory
-
-- Credit: This vulnerability was discovered by:
-
Luigi Auriemma
-
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJO396wAAoJEFVtgMGTo1sch7EH/2QYzoootRWbQKfFNumD3xMk GhsoqYwIQzjGW99Gtt75n1bjHsFcCdJ3r5XUHvRiHmp4LVyzGdeglUrXFZfhTOzx b5mC20tMhiMx7OnoNKt/Iy3KzbPkApRxl7KdwtGeeFY8GO5DmeOGQuFK78ffGp+2 MAqRoWkhpVriRKXbupXqvRcRuMnykkstvuib4NywT/rEk8oh00Rda1KMNoHI/Iyx vsDHoTutxePGrHq/h57aYgbdErirNxKB4O8g1bwfKYUiBGlEm/lHibm+UGMwvClx u+VDwOqqvo5DOZ4SUBU5PpRglhDlQKXYIGzRLBYgnyjYgo5+3lt8v1snJQ0PdOQ= =BR7I -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following:
Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook
ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative
CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners
CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC
CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson
curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192
Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.
dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple
filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher
Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook
libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive
libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton
OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268
PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023
Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921
Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden
Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204
WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf
Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937
X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3.
For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c
For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c
For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d
For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b
For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46618
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46618/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46618
RELEASE DATE: 2011-10-27
DISCUSS ADVISORY: http://secunia.com/advisories/46618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46618/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 2, 4) Luigi Auriemma via ZDI. 3) Matt 'j00ru' Jurczyk via ZDI. 5) Damian Put via ZDI.
ORIGINAL ADVISORY: http://support.apple.com/kb/HT5016
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. The template HTML files generated by this feature referenced a script file from a non-encrypted origin
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201110-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime",
"scope": null,
"trust": 1.4,
"vendor": "apple",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.6(1671)"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"db": "BID",
"id": "50400"
},
{
"db": "BID",
"id": "50388"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664"
},
{
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
}
],
"trust": 1.4
},
"cve": "CVE-2011-3248",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3248",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3248",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-51193",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3248",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2011-3248",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201110-664",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-51193",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"db": "VULHUB",
"id": "VHN-51193"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664"
},
{
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within how the application parses font names embedded within an atom. When parsing the font name, the application will treat a length from the file as a signed value when copying font data into a buffer. Due to an unsigned promotion, this can be used to write outside the bounds of a buffer which can lead to code execution under the context of the application. \nThe problem occurs when handling a specially crafted movie file. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions. \nVersions prior to QuickTime 7.7.1 are vulnerable on Windows 7, Vista, and XP. \nNOTE: This issue was previously discussed in BID 50388 (Apple QuickTime Prior To 7.7.1 Multiple Arbitrary Code Execution Vulnerabilities) but has been given its own record to better document it. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code\nExecution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-340\nDecember 7, 2011\n\n- -- CVE ID:\nCVE-2011-3248\n\n- -- CVSS:\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\n\n- -- Affected Vendors:\n\nApple\n\n\n\n- -- Affected Products:\n\nApple Quicktime\n\n\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 11876. \n\n- -- Vendor Response:\n\nApple has issued an update to correct this vulnerability. More details\ncan be found at:\n\nhttp://support.apple.com/kb/HT5016\n\n\n\n- -- Disclosure Timeline:\n2011-07-20 - Vulnerability reported to vendor\n2011-12-07 - Coordinated public release of advisory\n\n- -- Credit:\nThis vulnerability was discovered by:\n\n* Luigi Auriemma\n\n\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.17 (MingW32)\n\niQEcBAEBAgAGBQJO396wAAoJEFVtgMGTo1sch7EH/2QYzoootRWbQKfFNumD3xMk\nGhsoqYwIQzjGW99Gtt75n1bjHsFcCdJ3r5XUHvRiHmp4LVyzGdeglUrXFZfhTOzx\nb5mC20tMhiMx7OnoNKt/Iy3KzbPkApRxl7KdwtGeeFY8GO5DmeOGQuFK78ffGp+2\nMAqRoWkhpVriRKXbupXqvRcRuMnykkstvuib4NywT/rEk8oh00Rda1KMNoHI/Iyx\nvsDHoTutxePGrHq/h57aYgbdErirNxKB4O8g1bwfKYUiBGlEm/lHibm+UGMwvClx\nu+VDwOqqvo5DOZ4SUBU5PpRglhDlQKXYIGzRLBYgnyjYgo5+3lt8v1snJQ0PdOQ=\n=BR7I\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\n\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\naddresses the following:\n\nAddress Book\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: An attacker in a privileged network position may intercept\nCardDAV data\nDescription: Address Book supports Secure Sockets Layer (SSL) for\naccessing CardDAV. A downgrade issue caused Address Book to attempt\nan unencrypted connection if an encrypted connection failed. An\nattacker in a privileged network position could abuse this behavior\nto intercept CardDAV data. This issue is addressed by not downgrading\nto an unencrypted connection without user approval. \nCVE-ID\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.21 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-3348\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nApache disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by providing a configuration\nparameter to control the countermeasure and enabling it by default. \nCVE-ID\nCVE-2011-3389\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nthe request to an incorrect origin server. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nunexpected request headers. This issue does not affect systems prior\nto OS X Lion. \nCVE-ID\nCVE-2011-3447 : Erling Ellingsen of Facebook\n\nColorSync\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription: An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreAudio\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Playing maliciously crafted audio content may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of AAC\nencoded audio streams. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreMedia\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in CoreMedia\u0027s handling\nof H.264 encoded movie files. \nCVE-ID\nCVE-2011-3448 : Scott Stender of iSEC Partners\n\nCoreText\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to an unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue existed in the handling of font\nfiles. \nCVE-ID\nCVE-2011-3449 : Will Dormann of the CERT/CC\n\nCoreUI\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a malicious website may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: An unbounded stack allocation issue existed in the\nhandling of long URLs. This issue does not affect systems prior to OS\nX Lion. \nCVE-ID\nCVE-2011-3450 : Ben Syverson\n\ncurl\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: A remote server may be able to impersonate clients via\nGSSAPI requests\nDescription: When doing GSSAPI authentication, libcurl\nunconditionally performs credential delegation. This issue is\naddressed by disabling GSSAPI credential delegation. \nCVE-ID\nCVE-2011-2192\n\nData Security\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: Two certificate authorities in the list of trusted root\ncertificates have independently issued intermediate certificates to\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\nweak keys that it is unable to revoke. An attacker with a privileged\nnetwork position could intercept user credentials or other sensitive\ninformation intended for a site with a certificate issued by DigiCert\nMalaysia. This issue is addressed by configuring default system trust\nsettings so that DigiCert Malaysia\u0027s certificates are not trusted. We\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\nthis issue. \n\ndovecot\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nDovecot disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by enabling the\ncountermeasure. \nCVE-ID\nCVE-2011-3389 : Apple\n\nfilecmds\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Decompressing a maliciously crafted compressed file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the \u0027uncompress\u0027 command\nline tool. \nCVE-ID\nCVE-2011-2895\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in libtiff\u0027s handling of\nThunderScan encoded TIFF images. This issue is address by updating\nlibtiff to version 3.9.5. \nCVE-ID\nCVE-2011-1167\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nInternet Sharing\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A Wi-Fi network created by Internet Sharing may lose\nsecurity settings after a system update\nDescription: After updating to a version of OS X Lion prior to\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\nto factory defaults, which disables the WEP password. This issue only\naffects systems with Internet Sharing enabled and sharing the\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\nconfiguration during a system update. \nCVE-ID\nCVE-2011-3452 : an anonymous researcher\n\nLibinfo\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in Libinfo\u0027s handling of hostname\nlookup requests. Libinfo could return incorrect results for a\nmaliciously crafted hostname. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3441 : Erling Ellingsen of Facebook\n\nlibresolv\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s libresolv library may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow existed in the parsing of DNS\nresource records, which may lead to heap memory corruption. \nCVE-ID\nCVE-2011-3453 : Ilja van Sprundel of IOActive\n\nlibsecurity\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Some EV certificates may be trusted even if the\ncorresponding root has been marked as untrusted\nDescription: The certificate code trusted a root certificate to sign\nEV certificates if it was on the list of known EV issuers, even if\nthe user had marked it as \u0027Never Trust\u0027 in Keychain. The root would\nnot be trusted to sign non-EV certificates. \nCVE-ID\nCVE-2011-3422 : Alastair Houghton\n\nOpenGL\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s OpenGL implementation may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues existed in the\nhandling of GLSL compilation. \nCVE-ID\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\nMarc Schoenefeld of the Red Hat Security Response Team\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in PHP 5.3.6\nDescription: PHP is updated to version 5.3.8 to address several\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2011-1148\nCVE-2011-1657\nCVE-2011-1938\nCVE-2011-2202\nCVE-2011-2483\nCVE-2011-3182\nCVE-2011-3189\nCVE-2011-3267\nCVE-2011-3268\n\nPHP\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\nan unexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access issue existed in the\nhandling of MP4 encoded files. \nCVE-ID\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of font\ntables embedded in QuickTime movie files. \nCVE-ID\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An off by one buffer overflow existed in the handling\nof rdrf atoms in QuickTime movie files. \nCVE-ID\nCVE-2011-3459 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nfiles. \nCVE-ID\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Processing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PNG files. \nCVE-ID\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of FLC\nencoded movie files\nCVE-ID\nCVE-2011-3249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSquirrelMail\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in SquirrelMail\nDescription: SquirrelMail is updated to version 1.4.22 to address\nseveral vulnerabilities, the most serious of which is a cross-site\nscripting issue. This issue does not affect OS X Lion systems. \nFurther information is available via the SquirrelMail web site at\nhttp://www.SquirrelMail.org/\nCVE-ID\nCVE-2010-1637\nCVE-2010-2813\nCVE-2010-4554\nCVE-2010-4555\nCVE-2011-2023\n\nSubversion\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Accessing a Subversion repository may lead to the disclosure\nof sensitive information\nDescription: Subversion is updated to version 1.6.17 to address\nmultiple vulnerabilities, the most serious of which may lead to the\ndisclosure of sensitive information. Further information is available\nvia the Subversion web site at http://subversion.tigris.org/\nCVE-ID\nCVE-2011-1752\nCVE-2011-1783\nCVE-2011-1921\n\nTime Machine\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A remote attacker may access new backups created by the\nuser\u0027s system\nDescription: The user may designate a remote AFP volume or Time\nCapsule to be used for Time Machine backups. Time Machine did not\nverify that the same device was being used for subsequent backup\noperations. An attacker who is able to spoof the remote volume could\ngain access to new backups created by the user\u0027s system. This issue\nis addressed by verifying the unique identifier associated with a\ndisk for backup operations. \nCVE-ID\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\nDresden\n\nTomcat\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\nDescription: Tomcat is updated to version 6.0.33 to address multiple\nvulnerabilities, the most serious of which may lead to the disclosure\nof sensitive information. Tomcat is only provided on Mac OS X Server\nsystems. This issue does not affect OS X Lion systems. Further\ninformation is available via the Tomcat site at\nhttp://tomcat.apache.org/\nCVE-ID\nCVE-2011-2204\n\nWebDAV Sharing\nAvailable for: OS X Lion Server v10.7 to v10.7.2\nImpact: Local users may obtain system privileges\nDescription: An issue existed in WebDAV Sharing\u0027s handling of user\nauthentication. A user with a valid account on the server or one of\nits bound directories could cause the execution of arbitrary code\nwith system privileges. This issue does not affect systems prior to\nOS X Lion. \nCVE-ID\nCVE-2011-3463 : Gordon Davisson of Crywolf\n\nWebmail\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted e-mail message may lead to the\ndisclosure of message content\nDescription: A cross-site scripting vulnerability existed in the\nhandling of mail messages. This issue is addressed by updating\nRoundcube Webmail to version 0.6. This issue does not affect systems\nprior to OS X Lion. Further information is available via the\nRoundcube site at http://trac.roundcube.net/\nCVE-ID\nCVE-2011-2937\n\nX11\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2021-001 or OS X v10.7.3. \n\nFor OS X Lion v10.7.2\nThe download file is named: MacOSXUpd10.7.3.dmg\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\n\nFor OS X Lion v10.7 and v10.7.1\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\n\nFor OS X Lion Server v10.7.2\nThe download file is named: MacOSXServerUpd10.7.3.dmg\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\n\nFor OS X Lion Server v10.7 and v10.7.1\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-001Snow.dmg\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-001.dmg\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\n=c1eU\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46618\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46618/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46618\n\nRELEASE DATE:\n2011-10-27\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46618/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46618/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46618\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple Quicktime, which\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1, 2, 4) Luigi Auriemma via ZDI. \n3) Matt \u0027j00ru\u0027 Jurczyk via ZDI. \n5) Damian Put via ZDI. \n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT5016\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. The template HTML files generated by\nthis feature referenced a script file from a non-encrypted origin",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3248"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"db": "BID",
"id": "50400"
},
{
"db": "BID",
"id": "50388"
},
{
"db": "VULHUB",
"id": "VHN-51193"
},
{
"db": "PACKETSTORM",
"id": "107625"
},
{
"db": "PACKETSTORM",
"id": "108390"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "106302"
},
{
"db": "PACKETSTORM",
"id": "106335"
}
],
"trust": 3.96
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-51193",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51193"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3248",
"trust": 4.9
},
{
"db": "ZDI",
"id": "ZDI-11-340",
"trust": 1.1
},
{
"db": "ZDI",
"id": "ZDI-12-005",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1378",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1302",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "46618",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "18436",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18064",
"trust": 0.6
},
{
"db": "BID",
"id": "50400",
"trust": 0.4
},
{
"db": "BID",
"id": "50388",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "107625",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "108390",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-51193",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109373",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106302",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106335",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"db": "VULHUB",
"id": "VHN-51193"
},
{
"db": "BID",
"id": "50400"
},
{
"db": "BID",
"id": "50388"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "PACKETSTORM",
"id": "107625"
},
{
"db": "PACKETSTORM",
"id": "108390"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "106302"
},
{
"db": "PACKETSTORM",
"id": "106335"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664"
},
{
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"id": "VAR-201110-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-51193"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:53:56.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5016",
"trust": 2.2,
"url": "http://support.apple.com/kb/ht5016"
},
{
"title": "QuickTimeInstaller",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41180"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51193"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://support.apple.com/kb/ht5016"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht5130"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16012"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3248"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu784211"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3248"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/46618"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18064"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18436"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3248"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-340/"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3249"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3250"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-340"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "http://www.php.net"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1783"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1752"
},
{
"trust": 0.1,
"url": "http://trac.roundcube.net/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3256"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
},
{
"trust": 0.1,
"url": "http://www.freetype.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0241"
},
{
"trust": 0.1,
"url": "http://www.squirrelmail.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1921"
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1657"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1637"
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3189"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46618/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46618/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46618"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3228"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3247"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"db": "VULHUB",
"id": "VHN-51193"
},
{
"db": "BID",
"id": "50400"
},
{
"db": "BID",
"id": "50388"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "PACKETSTORM",
"id": "107625"
},
{
"db": "PACKETSTORM",
"id": "108390"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "106302"
},
{
"db": "PACKETSTORM",
"id": "106335"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664"
},
{
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"db": "VULHUB",
"id": "VHN-51193"
},
{
"db": "BID",
"id": "50400"
},
{
"db": "BID",
"id": "50388"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"db": "PACKETSTORM",
"id": "107625"
},
{
"db": "PACKETSTORM",
"id": "108390"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "106302"
},
{
"db": "PACKETSTORM",
"id": "106335"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664"
},
{
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"date": "2011-12-07T00:00:00",
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"date": "2011-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-51193"
},
{
"date": "2011-10-27T00:00:00",
"db": "BID",
"id": "50400"
},
{
"date": "2011-10-26T00:00:00",
"db": "BID",
"id": "50388"
},
{
"date": "2011-11-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"date": "2011-12-08T03:59:34",
"db": "PACKETSTORM",
"id": "107625"
},
{
"date": "2012-01-06T00:08:26",
"db": "PACKETSTORM",
"id": "108390"
},
{
"date": "2012-02-03T00:24:52",
"db": "PACKETSTORM",
"id": "109373"
},
{
"date": "2011-10-27T01:54:58",
"db": "PACKETSTORM",
"id": "106302"
},
{
"date": "2011-10-28T21:11:08",
"db": "PACKETSTORM",
"id": "106335"
},
{
"date": "2011-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-664"
},
{
"date": "2011-10-28T02:49:52.977000",
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-05T00:00:00",
"db": "ZDI",
"id": "ZDI-12-005"
},
{
"date": "2011-12-07T00:00:00",
"db": "ZDI",
"id": "ZDI-11-340"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-51193"
},
{
"date": "2015-03-19T09:36:00",
"db": "BID",
"id": "50400"
},
{
"date": "2011-10-26T00:00:00",
"db": "BID",
"id": "50388"
},
{
"date": "2011-11-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002689"
},
{
"date": "2011-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-664"
},
{
"date": "2017-09-19T01:33:56.307000",
"db": "NVD",
"id": "CVE-2011-3248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "107625"
},
{
"db": "PACKETSTORM",
"id": "108390"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-664"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Vulnerable to integer sign error",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "50400"
},
{
"db": "BID",
"id": "50388"
}
],
"trust": 0.6
}
}
VAR-200609-0313
Vulnerability from variot - Updated: 2024-07-23 20:38Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers.
CVE: CVE-2006-4386
Orginal URL:
http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt
Software affected: Tested on QucikTime 7.1 (Windows version), with
all newest add-ons.
0. DISCLAIMER
Author takes no responsibility for any actions with provided
informations or codes. The copyright for any material created by the author is reserved. Any duplication of codes or texts provided here in electronic or printed publications is not permitted without the author's agreement.
I.
II.
The overflow occurs in the H.264 codec.
Vulnerable code:
6825a28f 668b4806 mov cx,[eax+0x6] ; cx = controled by
attacker 6825a293 660fb6d5 movzx dx,ch ; dx = 0x00XX (XX - controled by attacker) 6825a297 8af1 mov dh,cl ; dx = 0xXXXX (-//-) 6825a299 8bca mov ecx,edx ; ecx = edx 6825a29b 6681f90001 cmp cx,0x100 ; compare cx with 0x100 6825a2a0 7f3d jg QuickTimeH264!JVTCompComponentDispatch+0x917c (6825a2df) ; (1) 6825a2a2 0fbfd1 movsx edx,cx ; (2) 6825a2a5 8bca mov ecx,edx 6825a2a7 8bd9 mov ebx,ecx 6825a2a9 c1e902 shr ecx,0x2 6825a2ac 8d7008 lea esi,[eax+0x8] 6825a2af 8d7c2418 lea edi,[esp+0x18] 6825a2b3 f3a5 rep movsd ds:00fb8000=????????
*1 - JG jumps, takes care of the sign so in this case we have an
security check for upper bounds, but when cx is a negative number this check is bypassed. No lower bounds checks were applied - bad.
*2 - Due to the bypass of the point *1 EDX is now CX extended by sign
(in this case its negative), EDX now looks like 0xFFFFXXXX, the integer is overflowed and rep movsd causes an memory corruption (obvious fact is that ECX is related to EDX).
Debugger output:
eax=00fb2028 ebx=ffffc9c9 ecx=3fffda7e edx=ffffc9c9 esi=00fb8000
edi=00141688 eip=6825a2b3 esp=0013b6a0 ebp=0013b8c4 iopl=0 nv up ei pl nz ac po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010216 *** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\Quicktime\QTSystem\QuickTimeH264.qtx - QuickTimeH264!JVTCompComponentDispatch+0x9150: 6825a2b3 f3a5 rep movsd ds:00fb8000=???????? es:00141688=00000000
The vulnerability may lead to remote code execution when specially
crafted video file (MOV file) is being loaded.
III. POC CODE
Due to severity of this bug i will not release any proof of concept
codes for this issue.
IV. VENDOR RESPONSE
Check: http://docs.info.apple.com/article.html?artnum=61798
. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.
The risk rating for these issues is medium.
- Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below
- Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.
- Resolution
Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at: http://docs.info.apple.com/article.html?artnum=304357
- Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert Labs.
- Legal Notice
Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-08
http://security.gentoo.org/
Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08
Synopsis
Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.
Background
Win32 binary codecs provide support for video and audio playback.
Workaround
There is no known workaround at this time.
Resolution
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.
References
[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
},
{
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com Ruben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4386",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20494",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4386",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-166",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20494",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20494"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
},
{
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. \n\n\tCVE:\t\t\tCVE-2006-4386\n\n\tOrginal URL:\t \nhttp://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt\n\n\n\tSoftware affected:\tTested on QucikTime 7.1 (Windows version), with\n\t\t\t\tall newest add-ons. \n\n\n\n\n\n\t0. DISCLAIMER\n\n\tAuthor takes no responsibility for any actions with provided \ninformations or\n\tcodes. The copyright for any material created by the author is \nreserved. Any\n\tduplication of codes or texts provided here in electronic or printed\n\tpublications is not permitted without the author\u0027s agreement. \n\n\tI. \n\n\n\tII. \nThe overflow\n\toccurs in the H.264 codec. \n\n\t\n\tVulnerable code:\n\n\t6825a28f 668b4806 mov cx,[eax+0x6]\t\t; cx = controled by \nattacker\n\t6825a293 660fb6d5 movzx dx,ch\t\t\t; dx = 0x00XX (XX - controled \nby attacker)\n\t6825a297 8af1 mov dh,cl\t\t\t; dx = 0xXXXX (-//-)\n\t6825a299 8bca mov ecx,edx\t\t; ecx = edx\n\t6825a29b 6681f90001 cmp cx,0x100\t\t; compare cx with 0x100\n\t6825a2a0 7f3d jg QuickTimeH264!JVTCompComponentDispatch+0x917c \n(6825a2df) ; (*1*)\n\t6825a2a2 0fbfd1 movsx edx,cx\t\t; (*2*)\n\t6825a2a5 8bca mov ecx,edx\n\t6825a2a7 8bd9 mov ebx,ecx\n\t6825a2a9 c1e902 shr ecx,0x2\n\t6825a2ac 8d7008 lea esi,[eax+0x8]\n\t6825a2af 8d7c2418 lea edi,[esp+0x18]\n\t6825a2b3 f3a5 rep movsd ds:00fb8000=????????\n\n\n\t*1 - JG jumps, takes care of the sign so in this case we have an \nsecurity check for upper\n\t bounds, but when cx is a negative number this check is bypassed. \nNo lower bounds\n\t checks were applied - bad. \n\n\t*2 - Due to the bypass of the point *1 EDX is now CX extended by sign \n(in this case its\n\t negative), EDX now looks like 0xFFFFXXXX, the integer is \noverflowed and rep movsd\n\t causes an memory corruption (obvious fact is that ECX is related \nto EDX). \n\t\t\n\n\n\tDebugger output:\n\n\teax=00fb2028 ebx=ffffc9c9 ecx=3fffda7e edx=ffffc9c9 esi=00fb8000 \nedi=00141688\n\teip=6825a2b3 esp=0013b6a0 ebp=0013b8c4 iopl=0 nv up ei pl nz ac \npo nc\n\tcs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 \nefl=00010216\n\t*** ERROR: Symbol file could not be found. Defaulted to export symbols \nfor E:\\Quicktime\\QTSystem\\QuickTimeH264.qtx -\n\tQuickTimeH264!JVTCompComponentDispatch+0x9150:\n\t6825a2b3 f3a5 rep movsd ds:00fb8000=???????? \nes:00141688=00000000\n\n\n\tThe vulnerability may lead to remote code execution when specially\n\tcrafted video file (MOV file) is being loaded. \n\n\t\n\tIII. POC CODE\n\n\tDue to severity of this bug i will not release any proof of concept\n codes for this issue. \n\n\tIV. VENDOR RESPONSE\n\n\tCheck: http://docs.info.apple.com/article.html?artnum=61798\n\t\n\n\n\t\n. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4384\n\nOn heap overflow vulnerability is present in QuickTime FLC format\nsupport. \n\nCVE-2006-4385\n\nOne buffer overflow vulnerability is present in QuickTime SGI format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4388\n\nOne buffer overflow vulnerability is present in QuickTime FlashPix (FPX)\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows. \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \n\n_________________________________________________\n\n\n*\tLegal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries. All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Win32 binary codecs: Multiple vulnerabilities\n Date: March 04, 2008\n Bugs: #150288\n ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n [ 1 ] CVE-2006-4382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n [ 2 ] CVE-2006-4384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n [ 3 ] CVE-2006-4385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n [ 4 ] CVE-2006-4386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n [ 5 ] CVE-2006-4388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n [ 6 ] CVE-2006-4389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n [ 7 ] CVE-2007-4674\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n [ 8 ] CVE-2007-6166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.7 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e\nVpxOGmsa3V34PILWdYXqoXE=\n=70De\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4386"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20494"
},
{
"db": "PACKETSTORM",
"id": "49968"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
}
],
"trust": 5.85
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-20494",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20494"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 4.9
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-4386",
"trust": 3.1
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29182",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28773",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1550",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060912 APPLE QUICKTIME PLAYER H.264 CODEC REMOTE INTEGER OVERFLOW",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-256A",
"trust": 0.6
},
{
"db": "XF",
"id": "28934",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200803-08",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200609-166",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49968",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-20494",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64267",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20494"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49968"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
},
{
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"id": "VAR-200609-0313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20494"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:38:25.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT1338",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1338?viewlocale=ja_jp"
},
{
"title": "TA24355",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta24355?viewlocale=ja_jp"
},
{
"title": "HT1222",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1222?viewlocale=ja_jp"
},
{
"title": "QuickTime 7.1.3 Update \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b3\u30f3\u30c6\u30f3\u30c4\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime713.html"
},
{
"title": "QuickTime - \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 QuickTime Player \u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u7248\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/"
},
{
"title": "TA06-256A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-256a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 3.3,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 3.2,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 2.9,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 2.4,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 2.4,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28773"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29182"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1550"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445823/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28934"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4382"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-256a/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4382"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4385"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4389"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4386"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20060913_173644.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445823/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28934"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.1,
"url": "http://www.piotrbania.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20494"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49968"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
},
{
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20494"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"db": "PACKETSTORM",
"id": "49968"
},
{
"db": "PACKETSTORM",
"id": "50015"
},
{
"db": "PACKETSTORM",
"id": "64267"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
},
{
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20494"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-13T09:29:12",
"db": "PACKETSTORM",
"id": "49968"
},
{
"date": "2006-09-14T07:22:52",
"db": "PACKETSTORM",
"id": "50015"
},
{
"date": "2008-03-04T22:49:07",
"db": "PACKETSTORM",
"id": "64267"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-166"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20494"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000934"
},
{
"date": "2006-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-166"
},
{
"date": "2018-10-17T21:36:53.167000",
"db": "NVD",
"id": "CVE-2006-4386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "49968"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle SGI images",
"sources": [
{
"db": "CERT/CC",
"id": "VU#308204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-166"
}
],
"trust": 0.6
}
}
VAR-200703-0019
Vulnerability from variot - Updated: 2024-07-23 19:59Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. QuickTime is prone to a heap-overflow vulnerability because it fails to perform adequate bounds checking on user-supplied data. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. Remote attackers may exploit these vulnerabilities to control the user's machine by enticing the user to open and process malformed media files. (CVE-2007-0718). BACKGROUND
Quicktime is Apple's media player product used to render video and other media. For more information visit http://www.apple.com/quicktime/
II.
The vulnerability specifically exists in QuickTime players handling of Video media atoms. A byte swap process is then performed on the memory following the description, regardless if a table is present or not. Heap corruption will occur in the case when the memory following the description is not part of the heap chunk being processed.
III.
In order to exploit this vulnerability, an attacker must persuade a victim into opening a specially crafted media file. This could be accomplished by either a direct link or referenced from a website under the attacker's control. No further interaction is required in the default configuration.
IV. DETECTION
iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows.
V. WORKAROUND
iDefense is currently unaware of any effective workarounds for this vulnerability.
VI. More information can be found in Apple Advisory APPLE-SA-2007-03-05 at the following URL.
http://docs.info.apple.com/article.html?artnum=305149
VII. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
12/06/2006 Initial vendor notification 12/11/2007 Initial vendor response 02/01/2007 Second vendor notification 03/05/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Ruben Santamarta of Reversemode Labs (www.reversemode.com).
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22839"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-165"
},
{
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-165"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0718",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-24080",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0718",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-165",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-24080",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24080"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-165"
},
{
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. QuickTime is prone to a heap-overflow vulnerability because it fails to perform adequate bounds checking on user-supplied data. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. Remote attackers may exploit these vulnerabilities to control the user\u0027s machine by enticing the user to open and process malformed media files. (CVE-2007-0718). BACKGROUND\n\nQuicktime is Apple\u0027s media player product used to render video and other\nmedia. For more information visit http://www.apple.com/quicktime/\n\nII. \n\nThe vulnerability specifically exists in QuickTime players handling of\nVideo media atoms. A byte swap process is then performed\non the memory following the description, regardless if a table is present\nor not. Heap corruption will occur in the case when the memory following\nthe description is not part of the heap chunk being processed. \n\nIII. \n\nIn order to exploit this vulnerability, an attacker must persuade a victim\ninto opening a specially crafted media file. This could be accomplished by\neither a direct link or referenced from a website under the attacker\u0027s\ncontrol. No further interaction is required in the default configuration. \n\nIV. DETECTION\n\niDefense Labs confirmed this vulnerability exists in version 7.1.3 of\nQuickTime on Windows. \n\nV. WORKAROUND\n\niDefense is currently unaware of any effective workarounds for this\nvulnerability. \n\nVI. More information can be found in Apple Advisory\nAPPLE-SA-2007-03-05 at the following URL. \n\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nVII. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n12/06/2006 Initial vendor notification\n12/11/2007 Initial vendor response\n02/01/2007 Second vendor notification\n03/05/2007 Coordinated public disclosure\n\nIX. CREDIT\n\nThis vulnerability was reported to iDefense by Ruben Santamarta of\nReversemode Labs (www.reversemode.com). \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2007 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert electronically. \nIt may not be edited in any way without the express written consent of\niDefense. If you wish to reprint the whole or any part of this alert in\nany other medium other than electronically, please e-mail\ncustomerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate at\nthe time of publishing based on currently available information. Use of\nthe information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on, this\ninformation. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0718"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22839"
},
{
"db": "VULHUB",
"id": "VHN-24080"
},
{
"db": "PACKETSTORM",
"id": "54931"
}
],
"trust": 8.1
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-24080",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24080"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 8.9
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2007-0718",
"trust": 3.2
},
{
"db": "BID",
"id": "22839",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "XF",
"id": "32826",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000198",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-165",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20070306 [REVERSEMODE ADVISORY] APPLE QUICKTIME COLOR ID REMOTE HEAP CORRUPTION",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20070305 APPLE QUICKTIME COLOR TABLE ID HEAP CORRUPTION VULNERABILITY",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "54931",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-24080",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24080"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22839"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"db": "PACKETSTORM",
"id": "54931"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-165"
},
{
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"id": "VAR-200703-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24080"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:59:00.989000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000198"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24080"
},
{
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.2,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.4,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.7,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/22839"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32826"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
},
{
"trust": 0.8,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0718"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0718"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.7,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.6,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/462012/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.3,
"url": "/archive/1/462012"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "https://www.reversemode.com)."
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0718"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24080"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22839"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"db": "PACKETSTORM",
"id": "54931"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-165"
},
{
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24080"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22839"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"db": "PACKETSTORM",
"id": "54931"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-165"
},
{
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24080"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-06T00:00:00",
"db": "BID",
"id": "22839"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"date": "2007-03-08T23:27:30",
"db": "PACKETSTORM",
"id": "54931"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-165"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-24080"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-06T00:00:00",
"db": "BID",
"id": "22839"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000198"
},
{
"date": "2007-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-165"
},
{
"date": "2018-10-16T16:33:56.577000",
"db": "NVD",
"id": "CVE-2007-0718"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54931"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-165"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22839"
}
],
"trust": 0.6
}
}
VAR-200703-0017
Vulnerability from variot - Updated: 2024-07-23 19:54Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0716). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-065A
Apple Releases Security Updates for QuickTime
Original release date: March 06, 2007 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes Database.
II. For further information, please see the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.
On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>
* About the security content of the QuickTime 7.1.5 Update -
<http://docs.info.apple.com/article.html?artnum=305149>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.1.5 for Windows -
<http://www.apple.com/support/downloads/quicktime715forwindows.html>
* Apple QuickTime 7.1.5 for Mac -
<http://www.apple.com/support/downloads/quicktime715formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-065A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 06, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24359
VERIFY ADVISORY: http://secunia.com/advisories/24359/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the handling of UDTA atoms in movie files.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
SOLUTION: Update to version 7.1.5.
Mac OS X: http://www.apple.com/quicktime/download/mac.html
Windows: http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149
Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
},
{
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0716",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-24078",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0716",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-176",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-24078",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24078"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
},
{
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. (CVE-2007-0716). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n Original release date: March 06, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n could exploit these vulnerabilities by convincing a user to access a\n specially crafted image or media file with a vulnerable version of\n QuickTime. Since QuickTime configures most web browsers to handle\n QuickTime media files, an attacker could exploit these vulnerabilities\n using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes\n Database. \n\n\nII. For further information, please see the Vulnerability Notes\n Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n available via Apple Update. \n\n On Microsoft Windows the QuickTime built-in auto-update mechanism may\n not detect this release. Instead, Windows users should check for\n updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading a\n user to access a specially crafted file with a web browser. Disabling\n QuickTime in your web browser will defend against this attack vector. \n For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.5 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n * About the security content of the QuickTime 7.1.5 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n * Apple QuickTime 7.1.5 for Windows -\n \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n * Apple QuickTime 7.1.5 for Mac -\n \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24359\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24359/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which\npotentially can be exploited by malicious people to compromise a\nuser\u0027s system. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n2) A boundary error in the handling of MIDI files can be exploited to\ncause a heap-based buffer overflow. \n\n3) A boundary error in the handling of QuickTime movie files can be\nexploited to cause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n5) A boundary error in the handling of PICT files can be exploited to\ncause a heap-based buffer overflow. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0716"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "VULHUB",
"id": "VHN-24078"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
}
],
"trust": 7.92
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 9.0
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2007-0716",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "33900",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "XF",
"id": "32822",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000196",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200703-176",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24078",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54941",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54850",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24078"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
},
{
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"id": "VAR-200703-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24078"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:54:44.982000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000196"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.2,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.5,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 2.7,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33900"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32822"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32822"
},
{
"trust": 0.9,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.9,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0716"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0716"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/win.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/mac.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24078"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
},
{
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24078"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
},
{
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24078"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"date": "2007-03-09T00:22:35",
"db": "PACKETSTORM",
"id": "54941"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54850"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-176"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-24078"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000196"
},
{
"date": "2007-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-176"
},
{
"date": "2017-07-29T01:30:21.907000",
"db": "NVD",
"id": "CVE-2007-0716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-176"
}
],
"trust": 0.6
}
}
VAR-200510-0403
Vulnerability from variot - Updated: 2024-07-23 19:53Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple Quicktime Has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. CVE-2006-1461 An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1462, CVE-2006-1463 An attacker can create a specially crafted H.264 movie to trigger integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1464 An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1465 An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1453, CVE-2006-1454 QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause stack overflow, and malformed graphics data may cause heap overflow. An attacker can create specially crafted PICT graphics. CVE-2006-2238 An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service.
TITLE: Mandriva update for ruby
SECUNIA ADVISORY ID: SA17285
VERIFY ADVISORY: http://secunia.com/advisories/17285/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE:
From remote
OPERATING SYSTEM: Mandrake Corporate Server 2.x http://secunia.com/product/1222/ Mandrakelinux 10.1 http://secunia.com/product/4198/
DESCRIPTION: Mandriva has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
For more information: SA16904
SOLUTION: Apply updated packages.
Mandrakelinux 10.1:
013e98f0b0a09acd8c48b5d438c4e151 10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm 479e965b6302bd0e74b8699f0a7b9f46 10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm b5654a6d4bab0b5a33e3e65fdb8bab52 10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm 2294bfd6f57ebc2cc6eb353e4a62a4b5 10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm 5407dfbbb45af31d3ffa53f120773f77 10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
b8347f871a62a176f049cbe010e298ce x86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm b9ac7ecba0bc317869795146cf3cc5a4 x86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm 7803195d658cdf63324f8bf54753018e x86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm 0f6cb61b12453673ef4a7fb99b6069af x86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm 5407dfbbb45af31d3ffa53f120773f77 x86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm
Corporate Server 2.1:
2aa9219b24bbcf8673df418eb373881b corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm e5b4282401bf2c0794d14b52d7c6c319 corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm e72d411868d4ca8d7a05ba2e0baee926 corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm c795d629e28719f7fe1e8a1619805fdc corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm 61457cb16d1b24e1c31a10c687af94ef corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d477751b1302ec7c5f271fe9597216fa x86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm b7ac888d722dc6fb8c5b9b9207e34ea3 x86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm 27a29077b76158382c514b965fdf614f x86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm 0e4752d11d67acdabc4561c37c41511e x86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm 61457cb16d1b24e1c31a10c687af94ef x86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm
ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2005:191
OTHER REFERENCES: SA16904: http://secunia.com/advisories/16904/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200510-0403",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruby",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#160012"
},
{
"db": "CERT/CC",
"id": "VU#289705"
},
{
"db": "BID",
"id": "17953"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
},
{
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike PriceATmaCA atmaca@atmacasoft.com http://www.zerodayinitiative.com/ Sowhat smaillist@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
}
],
"trust": 0.6
},
"cve": "CVE-2006-1458",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-1458",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-17566",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-1458",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#160012",
"trust": 0.8,
"value": "2.57"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#289705",
"trust": 0.8,
"value": "17.71"
},
{
"author": "CNNVD",
"id": "CNNVD-200510-060",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-17566",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#160012"
},
{
"db": "CERT/CC",
"id": "VU#289705"
},
{
"db": "VULHUB",
"id": "VHN-17566"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
},
{
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple Quicktime Has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. \nSuccessful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. CVE-2006-1461 An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1462, CVE-2006-1463 An attacker can create a specially crafted H.264 movie to trigger integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1464 An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1465 An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1453, CVE-2006-1454 QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause stack overflow, and malformed graphics data may cause heap overflow. An attacker can create specially crafted PICT graphics. CVE-2006-2238 An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service. \n\nTITLE:\nMandriva update for ruby\n\nSECUNIA ADVISORY ID:\nSA17285\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17285/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nMandrake Corporate Server 2.x\nhttp://secunia.com/product/1222/\nMandrakelinux 10.1\nhttp://secunia.com/product/4198/\n\nDESCRIPTION:\nMandriva has issued an update for ruby. This fixes a vulnerability,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions. \n\nFor more information:\nSA16904\n\nSOLUTION:\nApply updated packages. \n\nMandrakelinux 10.1:\n\n013e98f0b0a09acd8c48b5d438c4e151\n10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm\n479e965b6302bd0e74b8699f0a7b9f46\n10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm\nb5654a6d4bab0b5a33e3e65fdb8bab52\n10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm\n2294bfd6f57ebc2cc6eb353e4a62a4b5\n10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm\n5407dfbbb45af31d3ffa53f120773f77\n10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm\n\nMandrakelinux 10.1/X86_64:\n\nb8347f871a62a176f049cbe010e298ce\nx86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm\nb9ac7ecba0bc317869795146cf3cc5a4\nx86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm\n7803195d658cdf63324f8bf54753018e\nx86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm\n0f6cb61b12453673ef4a7fb99b6069af\nx86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm\n5407dfbbb45af31d3ffa53f120773f77\nx86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm\n\nCorporate Server 2.1:\n\n2aa9219b24bbcf8673df418eb373881b\ncorporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm\ne5b4282401bf2c0794d14b52d7c6c319\ncorporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm\ne72d411868d4ca8d7a05ba2e0baee926\ncorporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm\nc795d629e28719f7fe1e8a1619805fdc\ncorporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm\n61457cb16d1b24e1c31a10c687af94ef\ncorporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm\n\nCorporate Server 2.1/X86_64:\n\nd477751b1302ec7c5f271fe9597216fa\nx86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm\nb7ac888d722dc6fb8c5b9b9207e34ea3\nx86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm\n27a29077b76158382c514b965fdf614f\nx86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm\n0e4752d11d67acdabc4561c37c41511e\nx86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm\n61457cb16d1b24e1c31a10c687af94ef\nx86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm\n\nORIGINAL ADVISORY:\nhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:191\n\nOTHER REFERENCES:\nSA16904:\nhttp://secunia.com/advisories/16904/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1458"
},
{
"db": "CERT/CC",
"id": "VU#160012"
},
{
"db": "CERT/CC",
"id": "VU#289705"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"db": "BID",
"id": "17953"
},
{
"db": "VULHUB",
"id": "VHN-17566"
},
{
"db": "PACKETSTORM",
"id": "40845"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-1458",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#289705",
"trust": 2.7
},
{
"db": "BID",
"id": "17953",
"trust": 2.2
},
{
"db": "SECUNIA",
"id": "20069",
"trust": 1.9
},
{
"db": "USCERT",
"id": "TA06-132B",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1016067",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "16904",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#160012",
"trust": 1.4
},
{
"db": "VUPEN",
"id": "ADV-2006-1778",
"trust": 1.1
},
{
"db": "XF",
"id": "26391",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000965",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200510-060",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "17285",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "17094",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "17147",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "17129",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "20077",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "17098",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "19130",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-860",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-862",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-864",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-05-11",
"trust": 0.6
},
{
"db": "SECTRACK",
"id": "1014948",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SR:2006:005",
"trust": 0.6
},
{
"db": "USCERT",
"id": "TA06-132A",
"trust": 0.6
},
{
"db": "BID",
"id": "17951",
"trust": 0.6
},
{
"db": "BID",
"id": "14909",
"trust": 0.6
},
{
"db": "XF",
"id": "22360",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200510-05",
"trust": 0.6
},
{
"db": "SREASON",
"id": "59",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-132A",
"trust": 0.6
},
{
"db": "VUPEN",
"id": "ADV-2006-1779",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2005:191",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-195-1",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2005:799",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-17566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40845",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#160012"
},
{
"db": "CERT/CC",
"id": "VU#289705"
},
{
"db": "VULHUB",
"id": "VHN-17566"
},
{
"db": "BID",
"id": "17953"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"db": "PACKETSTORM",
"id": "40845"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
},
{
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"id": "VAR-200510-0403",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-17566"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:53:25.750000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TA24130",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta24130"
},
{
"title": "TA24130",
"trust": 0.8,
"url": "http://support.apple.com/kb/ta24130?viewlocale=ja_jp"
},
{
"title": "TA06-132B",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-132b.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000965"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17566"
},
{
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/17953"
},
{
"trust": 1.9,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-132b.html"
},
{
"trust": 1.9,
"url": "http://www.kb.cert.org/vuls/id/289705"
},
{
"trust": 1.9,
"url": "http://securitytracker.com/id?1016067"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/20069"
},
{
"trust": 1.4,
"url": "http://www.ruby-lang.org/en/20051003.html"
},
{
"trust": 1.4,
"url": "http://jvn.jp/jp/jvn%2362914675/index.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2006/may/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1778"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26391"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/16904/"
},
{
"trust": 0.8,
"url": "http://www.rubycentral.com/book/taint.html"
},
{
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime71.html "
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=303752 "
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1458"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2006/1778"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/26391"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-132b/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1458"
},
{
"trust": 0.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:191"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-132a.html"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/160012"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/16904"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/22360"
},
{
"trust": 0.6,
"url": "http://www.ubuntu.com/usn/usn-195-1"
},
{
"trust": 0.6,
"url": "http://www.securitytracker.com/alerts/2005/sep/1014948.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/17951"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/14909"
},
{
"trust": 0.6,
"url": "http://www.redhat.com/support/errata/rhsa-2005-799.html"
},
{
"trust": 0.6,
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"trust": 0.6,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1779"
},
{
"trust": 0.6,
"url": "http://www.debian.org/security/2005/dsa-864"
},
{
"trust": 0.6,
"url": "http://www.debian.org/security/2005/dsa-862"
},
{
"trust": 0.6,
"url": "http://www.debian.org/security/2005/dsa-860"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/20077"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/19130"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/17285"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/17147"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/17129"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/17098"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/17094"
},
{
"trust": 0.6,
"url": "http://lists.apple.com/archives/security-announce/2006/may/msg00003.html"
},
{
"trust": 0.6,
"url": "http://securityreason.com/securityalert/59"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=303752"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "/archive/1/433850"
},
{
"trust": 0.3,
"url": "/archive/1/433810"
},
{
"trust": 0.3,
"url": "/archive/1/433828"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4198/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17285/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1222/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#160012"
},
{
"db": "CERT/CC",
"id": "VU#289705"
},
{
"db": "VULHUB",
"id": "VHN-17566"
},
{
"db": "BID",
"id": "17953"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"db": "PACKETSTORM",
"id": "40845"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
},
{
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#160012"
},
{
"db": "CERT/CC",
"id": "VU#289705"
},
{
"db": "VULHUB",
"id": "VHN-17566"
},
{
"db": "BID",
"id": "17953"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"db": "PACKETSTORM",
"id": "40845"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
},
{
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#160012"
},
{
"date": "2006-05-12T00:00:00",
"db": "CERT/CC",
"id": "VU#289705"
},
{
"date": "2006-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-17566"
},
{
"date": "2006-05-11T00:00:00",
"db": "BID",
"id": "17953"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"date": "2005-10-24T22:35:49",
"db": "PACKETSTORM",
"id": "40845"
},
{
"date": "2005-10-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-060"
},
{
"date": "2006-05-12T20:06:00",
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-16T00:00:00",
"db": "CERT/CC",
"id": "VU#160012"
},
{
"date": "2006-05-17T00:00:00",
"db": "CERT/CC",
"id": "VU#289705"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-17566"
},
{
"date": "2006-05-15T22:29:00",
"db": "BID",
"id": "17953"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000965"
},
{
"date": "2007-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-060"
},
{
"date": "2017-07-20T01:30:36.957000",
"db": "NVD",
"id": "CVE-2006-1458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruby safe-level security model bypass",
"sources": [
{
"db": "CERT/CC",
"id": "VU#160012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-060"
}
],
"trust": 0.6
}
}
VAR-200809-0188
Vulnerability from variot - Updated: 2024-07-23 19:40Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition. Versions prior to QuickTime 7.5.5 are affected. NOTE: Two issues that were previously covered in this BID were given their own records to better document the details: - CVE-2008-3626 was moved to BID 31546 ('Apple QuickTime 'STSZ' Atoms Memory Corruption Vulnerability') - CVE-2008-3629 was moved to BID 31548 ('Apple QuickTime PICT Denial of Service Vulnerability'). Apple QuickTime is a very popular multimedia player. iDefense Security Advisory 09.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 09, 2008
I. BACKGROUND
Quicktime is Apple's media player product, and is used to render video and other media. The PICT file format was developed by Apple Inc. in 1984. PICT files can contain both object oriented images and bitmaps. For more information visit the vendor's web site at the following URL.
http://www.apple.com/quicktime/
II. This issue results in heap corruption which can lead to arbitrary code execution.
III. ANALYSIS
Exploitation of this issue results in arbitrary code execution in the security context of the current user. An attacker would need to host a web page containing a malformed PICT file. Upon visiting the malicious web page exploitation would occur. Alternatively a malicious PICT file could be attached to an e-mail.
IV. Older versions are also suspected to be vulnerable.
V. WORKAROUND
iDefense recommends disabling the QuickTime Plug-in and altering the .pic and .pict file type associations within the registry. Disabling the plug-in will prevent web browsers from utilizing QuickTime Player to view associated media files. Removing the file type associations within the registry will prevent QuickTime Player and Picture Viewer from opening .pic and .pict files.
VI. VENDOR RESPONSE
Apple has released QuickTime 7.5.5 which resolves this issue. More information is available via Apple's QuickTime Security Update page at the URL shown below.
http://support.apple.com/kb/HT3027
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3614 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
05/13/2008 Initial vendor notification 05/22/2008 Initial vendor response 09/09/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA15852
SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5 to v10.5.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5 to v10.5.4"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "31086"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
},
{
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergio AlvarezDavid WhartonRoee HayZDI\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3614",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-3614",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-33739",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-3614",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-117",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-33739",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-33739"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
},
{
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. \nThese issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition. \nVersions prior to QuickTime 7.5.5 are affected. \nNOTE: Two issues that were previously covered in this BID were given their own records to better document the details:\n- CVE-2008-3626 was moved to BID 31546 (\u0027Apple QuickTime \u0027STSZ\u0027 Atoms Memory Corruption Vulnerability\u0027)\n- CVE-2008-3629 was moved to BID 31548 (\u0027Apple QuickTime PICT Denial of Service Vulnerability\u0027). Apple QuickTime is a very popular multimedia player. iDefense Security Advisory 09.09.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nSep 09, 2008\n\nI. BACKGROUND\n\nQuicktime is Apple\u0027s media player product, and is used to render video\nand other media. The PICT file format was developed by Apple Inc. in\n1984. PICT files can contain both object oriented images and bitmaps. \nFor more information visit the vendor\u0027s web site at the following URL. \n\nhttp://www.apple.com/quicktime/\n\nII. This issue results in heap corruption\nwhich can lead to arbitrary code execution. \n\nIII. ANALYSIS\n\nExploitation of this issue results in arbitrary code execution in the\nsecurity context of the current user. An attacker would need to host a\nweb page containing a malformed PICT file. Upon visiting the malicious\nweb page exploitation would occur. Alternatively a malicious PICT file\ncould be attached to an e-mail. \n\nIV. Older versions are also suspected to be\nvulnerable. \n\nV. WORKAROUND\n\niDefense recommends disabling the QuickTime Plug-in and altering the\n.pic and .pict file type associations within the registry. Disabling\nthe plug-in will prevent web browsers from utilizing QuickTime Player\nto view associated media files. Removing the file type associations\nwithin the registry will prevent QuickTime Player and Picture Viewer\nfrom opening .pic and .pict files. \n\nVI. VENDOR RESPONSE\n\nApple has released QuickTime 7.5.5 which resolves this issue. More\ninformation is available via Apple\u0027s QuickTime Security Update page at\nthe URL shown below. \n\nhttp://support.apple.com/kb/HT3027\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3614 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n05/13/2008 Initial vendor notification\n05/22/2008 Initial vendor response\n09/09/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3614"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"db": "BID",
"id": "31086"
},
{
"db": "VULHUB",
"id": "VHN-33739"
},
{
"db": "PACKETSTORM",
"id": "69815"
},
{
"db": "PACKETSTORM",
"id": "38390"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-33739",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33739"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3614",
"trust": 2.9
},
{
"db": "BID",
"id": "31086",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "31821",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "31882",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1020841",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2008-2584",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2527",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020879",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA08-260A",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684",
"trust": 0.8
},
{
"db": "IDEFENSE",
"id": "20080909 APPLE QUICKTIME PICT INTEGER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA08-260A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-09-15",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-09-09",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-117",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-08-062",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-08-060",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-08-057",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-08-058",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-08-061",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "69815",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-33739",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38390",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-33739"
},
{
"db": "BID",
"id": "31086"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"db": "PACKETSTORM",
"id": "69815"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
},
{
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"id": "VAR-200809-0188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33739"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:40:25.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update 2008-006",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3137"
},
{
"title": "QuickTime 7.5.5",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3027"
},
{
"title": "QuickTime 7.5.5",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3027?viewlocale=ja_jp"
},
{
"title": "Security Update 2008-006",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3137?viewlocale=ja_jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33739"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/31086"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1020841"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31821"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31882"
},
{
"trust": 2.0,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3027"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00005.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-260a.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht3137"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020879"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2008/2584"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15851"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/2527"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3614"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3614"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2527"
},
{
"trust": 0.4,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/"
},
{
"trust": 0.3,
"url": "http://blog.watchfire.com/wfblog/2008/09/quicktime-patch.html"
},
{
"trust": 0.3,
"url": "/archive/1/496358"
},
{
"trust": 0.3,
"url": "/archive/1/496180"
},
{
"trust": 0.3,
"url": "/archive/1/496161"
},
{
"trust": 0.3,
"url": "/archive/1/496163"
},
{
"trust": 0.3,
"url": "/archive/1/496175"
},
{
"trust": 0.3,
"url": "/archive/1/496176"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-08-060/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-08-057/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-08-062/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-08-058/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-08-061/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3614"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-33739"
},
{
"db": "BID",
"id": "31086"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"db": "PACKETSTORM",
"id": "69815"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
},
{
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-33739"
},
{
"db": "BID",
"id": "31086"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"db": "PACKETSTORM",
"id": "69815"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
},
{
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2008-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-33739"
},
{
"date": "2008-09-09T00:00:00",
"db": "BID",
"id": "31086"
},
{
"date": "2008-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"date": "2008-09-10T08:57:38",
"db": "PACKETSTORM",
"id": "69815"
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38390"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-117"
},
{
"date": "2008-09-11T01:13:09.243000",
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-33739"
},
{
"date": "2008-10-03T16:28:00",
"db": "BID",
"id": "31086"
},
{
"date": "2008-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001684"
},
{
"date": "2008-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-117"
},
{
"date": "2018-10-30T16:25:38.340000",
"db": "NVD",
"id": "CVE-2008-3614"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "69815"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-117"
}
],
"trust": 0.6
}
}
VAR-200407-0077
Vulnerability from variot - Updated: 2024-06-09 23:13Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow. apple's QuickTime Exists in unspecified vulnerabilities.None. This issue can be triggered by a malformed .mov file and is reported to be exploitable to execute arbitrary code on Microsoft Windows platforms. This issue could also cause the player to crash on other platforms. Conflicting information has been released by the vendor that suggests that this issue will only result in a denial of service on Mac OS X. Apple QuickTime (QuickTime.qts) Heap Overflow
Release Date: May 02, 2004
Date Reported: February 18, 2004
Severity: High (Code Execution)
Vendor: Apple
Systems Affected: Apple QuickTime 6.5 Apple iTunes 4.2.0.72
Description: The Apple QuickTime media player is used for playing, interacting with or viewing video, audio, VR or graphics files. Many popular web browsers, media players, and other applications use their libraries to play various QuickTime movie formats through their applications. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context.
This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
Technical Details: The code in QuickTime.qts responsible for copying Sample-to-Chunk table entries from the 'stsc' atom data in a QuickTime-format movie into an array allocated on the heap. According to developer.apple.com, the format of the Sample-to-Chunk atom is as follows:
Offset Type Description
0000h DWORD atom size 0004h DWORD atom type tag ('stsc') 0008h BYTE version 0009h BYTE[3] flags 000Ch DWORD number of entries 0010h ... sample-to-chunk table data
The heap block intended to hold the sample-to-chunk table data is allocated with a size equal to (number_of_entries + 2) * 16. By supplying the "number of entries" field with the value 0x0FFFFFFE or greater, an absolutely classic integer overflow results that causes an insufficiently-sized heap block to be allocated, resulting in an equally classic complete heap memory overwrite.
It is difficult to express just how textbook this vulnerability scenario really is. Successful exploitation of the vulnerability is self-evident, and therefore no further discussion is warranted. It is our sincere hope that the vendor will make an earnest effort to increase the maturity of its security response capabilities, so that researchers will be encouraged to continue to work with them amicably on future security issues. Apple is doing a disservice to its customers by incorrectly labeling this vulnerability as a "crash bug" rather than stating correctly that attackers can compromise systems running the affected Apple software.
References: QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html
Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications.
This vulnerability has been assigned the CVE identifier CAN-2004-0431.
Credit: Karl Lynn
Additional Research: Derek Soeder
Greetings: Riley Hassell, Fuzen, Cubby, the ladies in the band MudBath, Zoe bird, Michelle L., and of course the entire staff at eEye.
Copyright (c) 1998-2004 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.
Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
Feedback Please send suggestions, updates, and comments to:
eEye Digital Security http://www.eEye.com info@eEye.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200407-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "6.5 and earlier"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.72"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782958"
},
{
"db": "BID",
"id": "10257"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
},
{
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eeye Digital Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0431",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2004-0431",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-8861",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0431",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#782958",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200407-012",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8861",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782958"
},
{
"db": "VULHUB",
"id": "VHN-8861"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
},
{
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large \"number of entries\" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow. apple\u0027s QuickTime Exists in unspecified vulnerabilities.None. \nThis issue can be triggered by a malformed .mov file and is reported to be exploitable to execute arbitrary code on Microsoft Windows platforms. This issue could also cause the player to crash on other platforms. Conflicting information has been released by the vendor that suggests that this issue will only result in a denial of service on Mac OS X. Apple QuickTime (QuickTime.qts) Heap Overflow\n\nRelease Date:\nMay 02, 2004\n\nDate Reported:\nFebruary 18, 2004\n\nSeverity:\nHigh (Code Execution)\n\nVendor:\nApple\n\nSystems Affected:\nApple QuickTime 6.5\nApple iTunes 4.2.0.72\n\nDescription:\nThe Apple QuickTime media player is used for playing, interacting with\nor viewing video, audio, VR or graphics files. Many popular web\nbrowsers, media players, and other applications use their libraries to\nplay various QuickTime movie formats through their applications. The vulnerability allows a remote attacker to reliably\noverwrite heap memory with user-controlled data and execute arbitrary\ncode within the SYSTEM context. \n\nThis specific flaw exists within the QuickTime.qts file which many\napplications access QuickTime\u0027s functionality through. By specially\ncrafting atoms within a movie file, a direct heap overwrite is\ntriggered, and reliable code execution is then possible. \n\nTechnical Details:\nThe code in QuickTime.qts responsible for copying Sample-to-Chunk table\nentries from the \u0027stsc\u0027 atom data in a QuickTime-format movie into an\narray allocated on the heap. According to developer.apple.com, the\nformat of the Sample-to-Chunk atom is as follows:\n\n Offset Type Description\n ------- ------- --------------------------------\n 0000h DWORD atom size\n 0004h DWORD atom type tag (\u0027stsc\u0027)\n 0008h BYTE version\n 0009h BYTE[3] flags\n 000Ch DWORD number of entries\n 0010h ... sample-to-chunk table data\n\nThe heap block intended to hold the sample-to-chunk table data is\nallocated with a size equal to (number_of_entries + 2) * 16. By\nsupplying the \"number of entries\" field with the value 0x0FFFFFFE or\ngreater, an absolutely classic integer overflow results that causes an\ninsufficiently-sized heap block to be allocated, resulting in an equally\nclassic complete heap memory overwrite. \n\nIt is difficult to express just how textbook this vulnerability scenario\nreally is. Successful exploitation of the vulnerability is\nself-evident, and therefore no further discussion is warranted. It is\nour sincere hope that the vendor will make an earnest effort to increase\nthe maturity of its security response capabilities, so that researchers\nwill be encouraged to continue to work with them amicably on future\nsecurity issues. Apple is doing a disservice to its customers by\nincorrectly labeling this vulnerability as a \"crash bug\" rather than\nstating correctly that attackers can compromise systems running the\naffected Apple software. \n\nReferences:\nQuickTime: QuickTime File Format\nhttp://developer.apple.com/documentation/QuickTime/QTFF/index.html\n\nVendor Status:\nApple has released a patch for this vulnerability. The patch is\navailable via the Updates section of the affected applications. \n\nThis vulnerability has been assigned the CVE identifier CAN-2004-0431. \n\nCredit:\nKarl Lynn\n\nAdditional Research:\nDerek Soeder\n\nGreetings:\nRiley Hassell, Fuzen, Cubby, the ladies in the band MudBath, Zoe bird,\nMichelle L., and of course the entire staff at eEye. \n\nCopyright (c) 1998-2004 eEye Digital Security Permission is hereby\ngranted for the redistribution of this alert electronically. It is not\nto be edited in any way without express consent of eEye. If you wish to\nreprint the whole or any part of this alert in any other medium\nexcluding electronic medium, please email alert@eEye.com for permission. \n\nDisclaimer\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\nFeedback\nPlease send suggestions, updates, and comments to:\n\neEye Digital Security\nhttp://www.eEye.com\ninfo@eEye.com\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0431"
},
{
"db": "CERT/CC",
"id": "VU#782958"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"db": "BID",
"id": "10257"
},
{
"db": "VULHUB",
"id": "VHN-8861"
},
{
"db": "PACKETSTORM",
"id": "33233"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-8861",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8861"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0431",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#782958",
"trust": 3.3
},
{
"db": "SECTRACK",
"id": "1010010",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "11071",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000934",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012",
"trust": 0.7
},
{
"db": "XF",
"id": "16026",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040502 EEYE: APPLE QUICKTIME (QUICKTIME.QTS) HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "NTBUGTRAQ",
"id": "20040502 EEYE: APPLE QUICKTIME (QUICKTIME.QTS) HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2004-04-30",
"trust": 0.6
},
{
"db": "BID",
"id": "10257",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "33233",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-8861",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782958"
},
{
"db": "VULHUB",
"id": "VHN-8861"
},
{
"db": "BID",
"id": "10257"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"db": "PACKETSTORM",
"id": "33233"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
},
{
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"id": "VAR-200407-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8861"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-09T23:13:11.097000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.apple.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/782958"
},
{
"trust": 1.9,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16026"
},
{
"trust": 1.8,
"url": "http://marc.info/?l=bugtraq\u0026m=108360110618389\u0026w=2"
},
{
"trust": 1.8,
"url": "http://marc.info/?l=ntbugtraq\u0026m=108356485013237\u0026w=2"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00048.html"
},
{
"trust": 1.1,
"url": "http://www.eeye.com/html/research/advisories/ad20040502.html"
},
{
"trust": 0.9,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0431"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/11071/"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/apr/1010010.html"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/windowsntfocus/5np020kcvu.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16026"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=ntbugtraq\u0026m=108356485013237\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108360110618389\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108360110618389\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=ntbugtraq\u0026amp;m=108356485013237\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.eeye.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#782958"
},
{
"db": "VULHUB",
"id": "VHN-8861"
},
{
"db": "BID",
"id": "10257"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"db": "PACKETSTORM",
"id": "33233"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
},
{
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#782958"
},
{
"db": "VULHUB",
"id": "VHN-8861"
},
{
"db": "BID",
"id": "10257"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"db": "PACKETSTORM",
"id": "33233"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
},
{
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-03T00:00:00",
"db": "CERT/CC",
"id": "VU#782958"
},
{
"date": "2004-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-8861"
},
{
"date": "2004-04-30T00:00:00",
"db": "BID",
"id": "10257"
},
{
"date": "2024-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"date": "2004-05-04T02:52:16",
"db": "PACKETSTORM",
"id": "33233"
},
{
"date": "2004-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-012"
},
{
"date": "2004-07-07T04:00:00",
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-04T00:00:00",
"db": "CERT/CC",
"id": "VU#782958"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8861"
},
{
"date": "2009-07-12T04:07:00",
"db": "BID",
"id": "10257"
},
{
"date": "2024-06-07T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2004-000934"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200407-012"
},
{
"date": "2017-07-11T01:30:09.510000",
"db": "NVD",
"id": "CVE-2004-0431"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "33233"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime contains an integer overflow in the \"QuickTime.qts\" extension",
"sources": [
{
"db": "CERT/CC",
"id": "VU#782958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "10257"
},
{
"db": "CNNVD",
"id": "CNNVD-200407-012"
}
],
"trust": 0.9
}
}
VAR-201106-0164
Vulnerability from variot - Updated: 2024-03-20 20:21Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file. Apple Mac OS X is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects Mac OS X 10.6 through 10.6.7 and Mac OS X Server 10.6 through 10.6.7. NOTE: This issue was previously discussed in BID 48412 (Apple Mac OS X Prior to 10.6.8 Multiple Security Vulnerabilities) but has been given its own record to better document it. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0186 : Will Dormann of the CERT/CC
QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in QuickTime plug-in's handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross- site redirects. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0213 : Luigi Auriemma working with iDefense VCP
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0246 : an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0247 : Roi Mallo and Sherab Giovannini working with TippingPoint's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime ActiveX control's handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime 7.7 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/
For Mac OS X v10.5.8 The download file is named: "QuickTime77Leopard.dmg" Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355
For Windows 7 / Vista / XP SP3 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9
QuickTime is incorporated into Mac OS X v10.6 and later. QuickTime 7.7 is not presented to systems running Mac OS X v10.6 or later.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin)
iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0 OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7 95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU= =H+iO -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/
TITLE: Apple Mac OS X Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA45054
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45054
RELEASE DATE: 2011-06-25
DISCUSS ADVISORY: http://secunia.com/advisories/45054/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45054/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45054
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error within AirPort when handling Wi-Fi frames can be exploited to trigger an out-of-bounds memory access and cause a system reset.
2) An error within App Store may lead to a user's AppleID password being logged to a local file.
3) An unspecified error in the handling of embedded TrueType fonts in Apple Type Services (ATS) can be exploited to cause a heap-based buffer overflow when a specially crafted document is viewed or downloaded.
4) An error within Certificate Trust Policy when handling an Extended Validation (EV) certificate with no OCSP URL can be exploited to disclose certain sensitive information via Man-in-the-Middle (MitM) attacks.
7) An integer overflow error in CoreGraphics when handling PDF files containing Type 1 fonts can be exploited to cause a buffer overflow via a specially crafted PDF file.
8) A path validation error within xftpd can be exploited to perform a recursive directory listing and disclose the list of otherwise restricted files.
9) An error in ImageIO within the handling of TIFF files can be exploited to cause a heap-based buffer overflow.
10) An error in ImageIO within the handling of JPEG2000 files can be exploited to cause a heap-based buffer overflow.
11) An error within ICU (International Components for Unicode) when handling certain uppercase strings can be exploited to cause a buffer overflow.
12) A NULL pointer dereference error within the kernel when handling IPV6 socket options can be exploited to cause a system reset.
13) An error within Libsystem when using the glob(3) API can be exploited to cause a high CPU consumption.
14) An error within libxslt can be exploited to disclose certain addresses from the heap.
For more information see vulnerability #2 in: SA43832
15) An error exists within MobileMe when determining a user's email aliases. This can be exploited to disclose a user's MobileMe email aliases via Man-in-the-Middle (MitM) attacks.
16) Some vulnerabilities are caused due to a vulnerable bundled version of MySQL.
For more information: SA41048 SA41716
17) Some vulnerabilities are caused due to a vulnerable bundled version of OpenSSL.
For more information: SA37291 SA38807 SA42243 SA42473 SA43227
18) A vulnerability is caused due to a vulnerable bundled version of GNU patch.
For more information: SA43677
19) An unspecified error in QuickLook within the processing of Microsoft Office files can be exploited to corrupt memory, which may allow execution of arbitrary code.
25) Some vulnerabilities are caused due to a vulnerable bundled version of Samba.
For more information: SA41354 SA43512
26) An error in servermgrd when handling XML-RPC requests can be exploited to disclose arbitrary files from the local resources.
27) A vulnerability is caused due to a vulnerable bundled version of subversion.
For more information: SA43603
SOLUTION: Update to version 10.6.8 or apply Security Update 2011-004.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Paul Nelson 3) Marc Schoenefeld, Red Hat Security Response Team and Harry Sintonen 4) Chris Hawk and Wan-Teh Chang, Google 5) binaryproof via ZDI 6) Harry Sintonen 7) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 8) team karlkani 9) Dominic Chell, NGS Secure 10) Harry Sintonen 11) David Bienvenu, Mozilla 12) Thomas Clement, Intego 13) Maksymilian Arciemowicz 14) Chris Evans, Google Chrome Security Team 15) Aaron Sigel, vtty.com 19)Tobias Klein via iDefense 20, 22) Luigi Auriemma via ZDI 21) Honggang Ren, Fortinet's FortiGuard Labs 23) Subreption LLC via ZDI 24) Luigi Auriemma via iDefense
1, 26) Reported by the vendor
ORIGINAL ADVISORY: Apple Security Update 2011-004: http://support.apple.com/kb/HT4723
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201106-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6(1671)"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
}
],
"sources": [
{
"db": "BID",
"id": "48430"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-318"
},
{
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma working with iDefense",
"sources": [
{
"db": "BID",
"id": "48430"
}
],
"trust": 0.3
},
"cve": "CVE-2011-0213",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-0213",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48158",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0213",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201106-318",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48158",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48158"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-318"
},
{
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file. Apple Mac OS X is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects Mac OS X 10.6 through 10.6.7 and Mac OS X Server 10.6 through 10.6.7. \nNOTE: This issue was previously discussed in BID 48412 (Apple Mac OS X Prior to 10.6.8 Multiple Security Vulnerabilities) but has been given its own record to better document it. Viewing a maliciously crafted pict file may lead to an\nunexpected application termination or arbitrary code execution. Viewing a maliciously\ncrafted JPEG2000 image with QuickTime may lead to an unexpected\napplication termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0186 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nWindows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of video data from another site\nDescription: A cross-origin issue existed in QuickTime plug-in\u0027s\nhandling of cross-site redirects. Visiting a maliciously crafted\nwebsite may lead to the disclosure of video data from another site. \nThis issue is addressed by preventing QuickTime from following cross-\nsite redirects. Playing a maliciously crafted WAV file may lead to an\nunexpected application termination or arbitrary code execution. Viewing a\nmaliciously crafted movie file may lead to an unexpected application\ntermination or arbitrary code execution. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. Viewing a maliciously crafted JPEG file may lead to an\nunexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0213 : Luigi Auriemma working with iDefense VCP\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted GIF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in QuickTime\u0027s handling\nof GIF images. Viewing a maliciously crafted GIF image may lead to an\nunexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0246 : an anonymous contributor working with Beyond\nSecurity\u0027s SecuriTeam Secure Disclosure program\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted H.264 movie file may lead to\nan unexpected application termination or arbitrary code execution\nDescription: Multiple stack buffer overflows existed in the handling\nof H.264 encoded movie files. Viewing a maliciously crafted H.264\nmovie file may lead to an unexpected application termination or\narbitrary code execution. \nCVE-ID\nCVE-2011-0247 : Roi Mallo and Sherab Giovannini working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website using Internet\nExplorer may lead to an unexpected application termination or\narbitrary code execution\nDescription: A stack buffer overflow existed in the QuickTime\nActiveX control\u0027s handling of QTL files. Visiting a maliciously\ncrafted website using Internet Explorer may lead to an unexpected\napplication termination or arbitrary code execution. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. Viewing a maliciously crafted movie\nfile may lead to an unexpected application termination or arbitrary\ncode execution. \nCVE-ID\nCVE-2011-0252 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\n\nQuickTime 7.7 may be obtained from the Software Update\napplication, or from the QuickTime Downloads site:\nhttp://www.apple.com/quicktime/download/\n\nFor Mac OS X v10.5.8\nThe download file is named: \"QuickTime77Leopard.dmg\"\nIts SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355\n\nFor Windows 7 / Vista / XP SP3\nThe download file is named: \"QuickTimeInstaller.exe\"\nIts SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9\n\nQuickTime is incorporated into Mac OS X v10.6 and later. \nQuickTime 7.7 is not presented to systems running\nMac OS X v10.6 or later. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (Darwin)\n\niQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0\nOrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto\nKFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf\nJ2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7\n95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg\ntrYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU=\n=H+iO\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nFrost \u0026 Sullivan 2011 Report: Secunia Vulnerability Research\n\\\"Frost \u0026 Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\\\" This is just one of the key factors that influenced Frost \u0026 Sullivan to select Secunia over other companies. \nRead the report here:\nhttp://secunia.com/products/corporate/vim/fs_request_2011/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA45054\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45054/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054\n\nRELEASE DATE:\n2011-06-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45054/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45054/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error within AirPort when handling Wi-Fi frames can be\nexploited to trigger an out-of-bounds memory access and cause a\nsystem reset. \n\n2) An error within App Store may lead to a user\u0027s AppleID password\nbeing logged to a local file. \n\n3) An unspecified error in the handling of embedded TrueType fonts in\nApple Type Services (ATS) can be exploited to cause a heap-based\nbuffer overflow when a specially crafted document is viewed or\ndownloaded. \n\n4) An error within Certificate Trust Policy when handling an Extended\nValidation (EV) certificate with no OCSP URL can be exploited to\ndisclose certain sensitive information via Man-in-the-Middle (MitM)\nattacks. \n\n7) An integer overflow error in CoreGraphics when handling PDF files\ncontaining Type 1 fonts can be exploited to cause a buffer overflow\nvia a specially crafted PDF file. \n\n8) A path validation error within xftpd can be exploited to perform a\nrecursive directory listing and disclose the list of otherwise\nrestricted files. \n\n9) An error in ImageIO within the handling of TIFF files can be\nexploited to cause a heap-based buffer overflow. \n\n10) An error in ImageIO within the handling of JPEG2000 files can be\nexploited to cause a heap-based buffer overflow. \n\n11) An error within ICU (International Components for Unicode) when\nhandling certain uppercase strings can be exploited to cause a buffer\noverflow. \n\n12) A NULL pointer dereference error within the kernel when handling\nIPV6 socket options can be exploited to cause a system reset. \n\n13) An error within Libsystem when using the glob(3) API can be\nexploited to cause a high CPU consumption. \n\n14) An error within libxslt can be exploited to disclose certain\naddresses from the heap. \n\nFor more information see vulnerability #2 in:\nSA43832\n\n15) An error exists within MobileMe when determining a user\u0027s email\naliases. This can be exploited to disclose a user\u0027s MobileMe email\naliases via Man-in-the-Middle (MitM) attacks. \n\n16) Some vulnerabilities are caused due to a vulnerable bundled\nversion of MySQL. \n\nFor more information:\nSA41048\nSA41716\n\n17) Some vulnerabilities are caused due to a vulnerable bundled\nversion of OpenSSL. \n\nFor more information:\nSA37291\nSA38807\nSA42243\nSA42473\nSA43227\n\n18) A vulnerability is caused due to a vulnerable bundled version of\nGNU patch. \n\nFor more information:\nSA43677\n\n19) An unspecified error in QuickLook within the processing of\nMicrosoft Office files can be exploited to corrupt memory, which may\nallow execution of arbitrary code. \n\n25) Some vulnerabilities are caused due to a vulnerable bundled\nversion of Samba. \n\nFor more information:\nSA41354\nSA43512\n\n26) An error in servermgrd when handling XML-RPC requests can be\nexploited to disclose arbitrary files from the local resources. \n\n27) A vulnerability is caused due to a vulnerable bundled version of\nsubversion. \n\nFor more information:\nSA43603\n\nSOLUTION:\nUpdate to version 10.6.8 or apply Security Update 2011-004. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n2) Paul Nelson\n3) Marc Schoenefeld, Red Hat Security Response Team and Harry\nSintonen\n4) Chris Hawk and Wan-Teh Chang, Google\n5) binaryproof via ZDI\n6) Harry Sintonen\n7) Cristian Draghici, Modulo Consulting and Felix Grobert, Google\nSecurity Team\n8) team karlkani\n9) Dominic Chell, NGS Secure\n10) Harry Sintonen\n11) David Bienvenu, Mozilla\n12) Thomas Clement, Intego\n13) Maksymilian Arciemowicz\n14) Chris Evans, Google Chrome Security Team\n15) Aaron Sigel, vtty.com\n19)Tobias Klein via iDefense\n20, 22) Luigi Auriemma via ZDI\n21) Honggang Ren, Fortinet\u0027s FortiGuard Labs\n23) Subreption LLC via ZDI\n24) Luigi Auriemma via iDefense\n\n1, 26) Reported by the vendor\n\nORIGINAL ADVISORY:\nApple Security Update 2011-004:\nhttp://support.apple.com/kb/HT4723\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0213"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"db": "BID",
"id": "48430"
},
{
"db": "VULHUB",
"id": "VHN-48158"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102569"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-0213",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201106-318",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "45054",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2011-06-23-1",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17108",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17119",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17422",
"trust": 0.6
},
{
"db": "BID",
"id": "48430",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-48158",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "103730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102569",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48158"
},
{
"db": "BID",
"id": "48430"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102569"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-318"
},
{
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"id": "VAR-201106-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48158"
}
],
"trust": 0.01
},
"last_update_date": "2024-03-20T20:21:35.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4723",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4723"
},
{
"title": "HT4826",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4826"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48158"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4723"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2011//aug/msg00000.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0213"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu976710"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu610235"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0213"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/45054"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17422"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17119"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17108"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0213"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0186"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0246"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0252"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0211"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0251"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/fs_request_2011/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45054/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45054"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45054/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48158"
},
{
"db": "BID",
"id": "48430"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102569"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-318"
},
{
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-48158"
},
{
"db": "BID",
"id": "48430"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"db": "PACKETSTORM",
"id": "103730"
},
{
"db": "PACKETSTORM",
"id": "102569"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-318"
},
{
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-48158"
},
{
"date": "2011-06-23T00:00:00",
"db": "BID",
"id": "48430"
},
{
"date": "2011-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"date": "2011-08-04T23:11:35",
"db": "PACKETSTORM",
"id": "103730"
},
{
"date": "2011-06-24T11:18:16",
"db": "PACKETSTORM",
"id": "102569"
},
{
"date": "2011-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-318"
},
{
"date": "2011-06-24T20:55:02.623000",
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-48158"
},
{
"date": "2011-08-05T11:30:00",
"db": "BID",
"id": "48430"
},
{
"date": "2011-08-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001841"
},
{
"date": "2011-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-318"
},
{
"date": "2024-03-19T18:02:21.017000",
"db": "NVD",
"id": "CVE-2011-0213"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-318"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of QuickTime Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-318"
}
],
"trust": 0.6
}
}
VAR-201402-0391
Vulnerability from variot - Updated: 2024-02-13 21:15Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of the clef atom. An attacker can use this flaw to overflow an improperly allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. Versions prior to QuickTime 7.7.5 are vulnerable on Windows 7, Vista, and XP SP2. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-02-25-3 QuickTime 7.7.5
QuickTime 7.7.5 is now available and addresses the following:
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized pointer issue existed in the handling of track lists. This issue was addressed through improved error checking. CVE-ID CVE-2014-1243 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1244 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of QuickTime image descriptions. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1032 : Jason Kratzer working with iDefense VCP
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1248 : Jason Kratzer working with iDefense VCP
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1249 : dragonltx of Tencent Security Team
QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1251 : Aliz Hammond working with HP's Zero Day Initiative
QuickTime 7.7.5 may be obtained from the QuickTime Downloads site: http://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJTDNezAAoJEPefwLHPlZEwA28P/24CQNEYClDxGO81zpafYO0R zNWNZiyxkcMWYGuDXvcN5HLiLiDwOkJqUMMkOxzCtsTKw69xopzlebzyZ4CS4YiZ J4xQzzGjD3dOtseQLTHp1CRNXUl/sIgR1ztS+qCkmh5/QJlSEQlg/as9KlJ0RM2Q yzUfMjy92KZjmGRsEimFbI2xq9lMR1nwMC0pJvB4T670rK3SHEUs1lfpv2HNOAR7 54s7OL8TU+L/xAo2HfS6+2LScKIrye7vsOMH0KuB3BiQ16HBYRQdL+tWV3HAF/Cl fk5EZQplKBcB3ljR6fvM3xv0xBtxo1AzYCuoJWu2Hr7kB/EsnBWKn/Tok6+6m0Fv 7KlV1x6o23omqtFgXuI+wUm6Vp5q0kvnZghVIcZ+gWMa5utakYazCJ2v+HX8C0Jf exyk+l44APSEQ+n31HVEqcD8AfOj7HuRN/lP+N8KOPDMIMKEpvhvmB+x9+9b54y4 c5S/zX2q3KQUra5/zGSmgMHeMAoMkvz+4bVZnINTzVx/gcROWhzPjv+R/pD/ofLR 8rAQJvt9JOcrrfGnsk94ghimc6ZntpfMwkTLp82iRQcQuu5L5YR3lsAnZne1OExf 8e9FVCbmdvoWsACPsvWvAhf0qoAX3B70lSybPXL8rYG+curfL0NlJb9ib6bho0wC kgqQGWbrFmVneRK/E72N =Kg2H -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.67.75.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.69.80.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.71.80.42"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.68.75.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.70.80.34"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.66.71.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.7.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.8"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.7"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.5.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.64.17.73"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.62.14.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.60.92.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.9"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.65.17.80"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.5 (windows 7)"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.5 (windows vista)"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.7.5 (windows xp sp2 or later )"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-444"
},
{
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.7.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.60.92.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.69.80.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.70.80.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.71.80.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.3.1.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.64.17.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.65.17.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.66.71.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.67.75.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.62.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.68.75.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aliz Hammond",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-049"
}
],
"trust": 0.7
},
"cve": "CVE-2014-1251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-1251",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1251",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-69190",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1251",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-1251",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-444",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-69190",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-1251",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"db": "VULHUB",
"id": "VHN-69190"
},
{
"db": "VULMON",
"id": "CVE-2014-1251"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-444"
},
{
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of the clef atom. An attacker can use this flaw to overflow an improperly allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. \nVersions prior to QuickTime 7.7.5 are vulnerable on Windows 7, Vista, and XP SP2. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-02-25-3 QuickTime 7.7.5\n\nQuickTime 7.7.5 is now available and addresses the following:\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized pointer issue existed in the handling\nof track lists. This issue was addressed through improved error\nchecking. \nCVE-ID\nCVE-2014-1243 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of H.264\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1244 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out of bounds byte swapping issue existed in the\nhandling of QuickTime image descriptions. This issue was addressed\nthrough improved bounds checking. \nCVE-ID\nCVE-2013-1032 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of \u0027stsz\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1245 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ftab\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1246 : An anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n\u0027dref\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1247 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ldat\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1248 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted PSD image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PSD\nimages. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1249 : dragonltx of Tencent Security Team\n\nQuickTime\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out of bounds byte swapping issue existed in the\nhandling of \u0027ttfo\u0027 elements. This issue was addressed through\nimproved bounds checking. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1251 : Aliz Hammond working with HP\u0027s Zero Day Initiative\n\nQuickTime 7.7.5 may be obtained from the QuickTime Downloads site:\nhttp://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJTDNezAAoJEPefwLHPlZEwA28P/24CQNEYClDxGO81zpafYO0R\nzNWNZiyxkcMWYGuDXvcN5HLiLiDwOkJqUMMkOxzCtsTKw69xopzlebzyZ4CS4YiZ\nJ4xQzzGjD3dOtseQLTHp1CRNXUl/sIgR1ztS+qCkmh5/QJlSEQlg/as9KlJ0RM2Q\nyzUfMjy92KZjmGRsEimFbI2xq9lMR1nwMC0pJvB4T670rK3SHEUs1lfpv2HNOAR7\n54s7OL8TU+L/xAo2HfS6+2LScKIrye7vsOMH0KuB3BiQ16HBYRQdL+tWV3HAF/Cl\nfk5EZQplKBcB3ljR6fvM3xv0xBtxo1AzYCuoJWu2Hr7kB/EsnBWKn/Tok6+6m0Fv\n7KlV1x6o23omqtFgXuI+wUm6Vp5q0kvnZghVIcZ+gWMa5utakYazCJ2v+HX8C0Jf\nexyk+l44APSEQ+n31HVEqcD8AfOj7HuRN/lP+N8KOPDMIMKEpvhvmB+x9+9b54y4\nc5S/zX2q3KQUra5/zGSmgMHeMAoMkvz+4bVZnINTzVx/gcROWhzPjv+R/pD/ofLR\n8rAQJvt9JOcrrfGnsk94ghimc6ZntpfMwkTLp82iRQcQuu5L5YR3lsAnZne1OExf\n8e9FVCbmdvoWsACPsvWvAhf0qoAX3B70lSybPXL8rYG+curfL0NlJb9ib6bho0wC\nkgqQGWbrFmVneRK/E72N\n=Kg2H\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1251"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"db": "BID",
"id": "65787"
},
{
"db": "VULHUB",
"id": "VHN-69190"
},
{
"db": "VULMON",
"id": "CVE-2014-1251"
},
{
"db": "PACKETSTORM",
"id": "125429"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1251",
"trust": 3.7
},
{
"db": "BID",
"id": "65787",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU95788297",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1945",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-049",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201402-444",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "57148",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-61607",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-69190",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-1251",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125429",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"db": "VULHUB",
"id": "VHN-69190"
},
{
"db": "VULMON",
"id": "CVE-2014-1251"
},
{
"db": "BID",
"id": "65787"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"db": "PACKETSTORM",
"id": "125429"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-444"
},
{
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"id": "VAR-201402-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69190"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T21:15:26.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2014-02-25-3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2014/feb/msg00002.html"
},
{
"title": "HT6151",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6151"
},
{
"title": "HT6151",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6151?viewlocale=ja_jp"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://support.apple.com/kb/ht1222"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69190"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht6151"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/65787"
},
{
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1251"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95788297/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1251"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57148"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1247"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1243"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1248"
},
{
"trust": 0.1,
"url": "http://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1244"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"db": "VULHUB",
"id": "VHN-69190"
},
{
"db": "VULMON",
"id": "CVE-2014-1251"
},
{
"db": "BID",
"id": "65787"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"db": "PACKETSTORM",
"id": "125429"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-444"
},
{
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"db": "VULHUB",
"id": "VHN-69190"
},
{
"db": "VULMON",
"id": "CVE-2014-1251"
},
{
"db": "BID",
"id": "65787"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"db": "PACKETSTORM",
"id": "125429"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-444"
},
{
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"date": "2014-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-69190"
},
{
"date": "2014-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1251"
},
{
"date": "2014-02-25T00:00:00",
"db": "BID",
"id": "65787"
},
{
"date": "2014-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"date": "2014-02-26T22:26:17",
"db": "PACKETSTORM",
"id": "125429"
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-444"
},
{
"date": "2014-02-27T01:55:03.807000",
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-049"
},
{
"date": "2015-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-69190"
},
{
"date": "2015-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1251"
},
{
"date": "2014-04-08T15:49:00",
"db": "BID",
"id": "65787"
},
{
"date": "2014-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001479"
},
{
"date": "2014-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-444"
},
{
"date": "2015-10-21T16:29:10.710000",
"db": "NVD",
"id": "CVE-2014-1251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-444"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001479"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-444"
}
],
"trust": 0.6
}
}
VAR-201508-0036
Vulnerability from variot - Updated: 2024-02-13 20:03ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). These issues affect OS X prior to 10.10.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
},
{
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An anonymous researcher working with HP\u0027s Zero Day Initiative, Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team, Maxime VILLARD of m00nbsd, Ryan Pentney and Richard Johnson of Cisco Talos, Xiaoyong Wu of the Evernote Security Team, JieTao Yang of KeenTeam",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
}
],
"trust": 0.6
},
"cve": "CVE-2015-5763",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-5763",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-83724",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5763",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-278",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83724",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5763",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83724"
},
{
"db": "VULMON",
"id": "CVE-2015-5763"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
},
{
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. \nNote: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). \nThese issues affect OS X prior to 10.10.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5763"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "VULHUB",
"id": "VHN-83724"
},
{
"db": "VULMON",
"id": "CVE-2015-5763"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5763",
"trust": 2.9
},
{
"db": "BID",
"id": "76340",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1033276",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU94440136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-278",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-390",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83724",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5763",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83724"
},
{
"db": "VULMON",
"id": "CVE-2015-5763"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
},
{
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"id": "VAR-201508-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-83724"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T20:03:40.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht205031"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205031"
},
{
"title": "osxupd10.10.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57197"
},
{
"title": "iPhone7,1_8.4.1_12H321_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57198"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83724"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/76340"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033276"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5763"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94440136/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5763"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-390/"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00004.html"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht205031"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83724"
},
{
"db": "VULMON",
"id": "CVE-2015-5763"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
},
{
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-83724"
},
{
"db": "VULMON",
"id": "CVE-2015-5763"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
},
{
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-83724"
},
{
"date": "2015-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5763"
},
{
"date": "2015-08-13T00:00:00",
"db": "BID",
"id": "76340"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-278"
},
{
"date": "2015-08-17T00:00:45.737000",
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-83724"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5763"
},
{
"date": "2016-07-05T21:35:00",
"db": "BID",
"id": "76340"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004293"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-278"
},
{
"date": "2017-09-21T01:29:14.103000",
"db": "NVD",
"id": "CVE-2015-5763"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X of NTFS Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-278"
}
],
"trust": 0.6
}
}
VAR-201508-0408
Vulnerability from variot - Updated: 2024-02-13 19:47Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). These issues affect OS X prior to 10.10.5. Notification Center is one of the components that displays system notifications. The vulnerability stems from the program not properly removing user notifications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
},
{
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An anonymous researcher working with HP\u0027s Zero Day Initiative, Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team, Maxime VILLARD of m00nbsd, Ryan Pentney and Richard Johnson of Cisco Talos, Xiaoyong Wu of the Evernote Security Team, JieTao Yang of KeenTeam",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
}
],
"trust": 0.6
},
"cve": "CVE-2015-3764",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3764",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-81725",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3764",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-277",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81725",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-3764",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81725"
},
{
"db": "VULMON",
"id": "CVE-2015-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
},
{
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. \nNote: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). \nThese issues affect OS X prior to 10.10.5. Notification Center is one of the components that displays system notifications. The vulnerability stems from the program not properly removing user notifications",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "VULHUB",
"id": "VHN-81725"
},
{
"db": "VULMON",
"id": "CVE-2015-3764"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3764",
"trust": 2.9
},
{
"db": "BID",
"id": "76340",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1033276",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU94440136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-277",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-15-390",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-81725",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3764",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81725"
},
{
"db": "VULMON",
"id": "CVE-2015-3764"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
},
{
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"id": "VAR-201508-0408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81725"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T19:47:24.960000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht1222"
},
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht205031"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205031"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81725"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/76340"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033276"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3764"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94440136/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3764"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-390/"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00004.html"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht205031"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81725"
},
{
"db": "VULMON",
"id": "CVE-2015-3764"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
},
{
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81725"
},
{
"db": "VULMON",
"id": "CVE-2015-3764"
},
{
"db": "BID",
"id": "76340"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
},
{
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-81725"
},
{
"date": "2015-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3764"
},
{
"date": "2015-08-13T00:00:00",
"db": "BID",
"id": "76340"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-277"
},
{
"date": "2015-08-16T23:59:37.550000",
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-81725"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3764"
},
{
"date": "2016-07-05T21:35:00",
"db": "BID",
"id": "76340"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004263"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-277"
},
{
"date": "2017-09-21T01:29:06.993000",
"db": "NVD",
"id": "CVE-2015-3764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X Vulnerability to read arbitrary notifications in the Notification Center",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004263"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-277"
}
],
"trust": 0.6
}
}