cvelistv5 - CVE-2007-0713

CVE-2007-0713

Vulnerability from cvelistv5

Published

2007-03-05 22:00

Modified

2024-08-07 12:26

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305149	Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24359
cve@mitre.org	http://www.kb.cert.org/vuls/id/880561	US Government Resource
cve@mitre.org	http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
cve@mitre.org	http://www.securityfocus.com/archive/1/461983/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/22827
cve@mitre.org	http://www.securityfocus.com/bid/22843
cve@mitre.org	http://www.securitytracker.com/id?1017725
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-065A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0825
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32817

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:26:54.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0825",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0825"
          },
          {
            "name": "VU#880561",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/880561"
          },
          {
            "name": "quicktime-quicktime-bo(32817)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
          },
          {
            "name": "22827",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22827"
          },
          {
            "name": "24359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24359"
          },
          {
            "name": "APPLE-SA-2007-03-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
          },
          {
            "name": "1017725",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017725"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
          },
          {
            "name": "TA07-065A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
          },
          {
            "name": "20070306 Apple QuickTime Player Remote Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305149"
          },
          {
            "name": "22843",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22843"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-0825",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0825"
        },
        {
          "name": "VU#880561",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/880561"
        },
        {
          "name": "quicktime-quicktime-bo(32817)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
        },
        {
          "name": "22827",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22827"
        },
        {
          "name": "24359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24359"
        },
        {
          "name": "APPLE-SA-2007-03-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
        },
        {
          "name": "1017725",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017725"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
        },
        {
          "name": "TA07-065A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
        },
        {
          "name": "20070306 Apple QuickTime Player Remote Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305149"
        },
        {
          "name": "22843",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22843"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0825",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0825"
            },
            {
              "name": "VU#880561",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/880561"
            },
            {
              "name": "quicktime-quicktime-bo(32817)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
            },
            {
              "name": "22827",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22827"
            },
            {
              "name": "24359",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24359"
            },
            {
              "name": "APPLE-SA-2007-03-05",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
            },
            {
              "name": "1017725",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017725"
            },
            {
              "name": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt",
              "refsource": "MISC",
              "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
            },
            {
              "name": "TA07-065A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
            },
            {
              "name": "20070306 Apple QuickTime Player Remote Heap Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305149",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=305149"
            },
            {
              "name": "22843",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22843"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0713",
    "datePublished": "2007-03-05T22:00:00",
    "dateReserved": "2007-02-05T00:00:00",
    "dateUpdated": "2024-08-07T12:26:54.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0713\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-05T22:19:00.000\",\"lastModified\":\"2018-10-16T16:33:53.887\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en mont\u00f3n en Apple QuickTime anterior a 7.1.5 permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo de pel\u00edcula QuickTime manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B535737C-BF32-471C-B26A-588632FCC427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF2C61F8-B376-40F9-8677-CADCC3295915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6254BB56-5A25-49DC-A851-3CCA249BD71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795E3354-7824-4EF4-A788-3CFEB75734E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9419A1E9-A0DA-4846-8959-BE50B53736E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"952A8015-B18B-481C-AC17-60F0D7EEE085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E518B27-A79B-43A4-AFA6-E59EF8E944D3\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=305149\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24359\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/880561\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/461983/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22827\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22843\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017725\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-065A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0825\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32817\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

ghsa-3mwj-25mw-j4g4

Vulnerability from github

Published

2022-05-01 17:46

Modified

2022-05-01 17:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0713"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-05T22:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.",
  "id": "GHSA-3mwj-25mw-j4g4",
  "modified": "2022-05-01T17:46:36Z",
  "published": "2022-05-01T17:46:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0713"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24359"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/880561"
    },
    {
      "type": "WEB",
      "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22827"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22843"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017725"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0825"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0713). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    National Cyber Alert System

             Technical Cyber Security Alert TA07-065A

Apple Releases Security Updates for QuickTime

Original release date: March 06, 2007 Last revised: -- Source: US-CERT

Systems Affected

Apple QuickTime on systems running

 * Apple Mac OS X

 * Microsoft Windows

Overview

Apple QuickTime contains multiple vulnerabilities.

I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.

Note that QuickTime ships with Apple iTunes.

For more information, please refer to the Vulnerability Notes Database.

II. For further information, please see the Vulnerability Notes Database.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.

On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.

Disable QuickTime in your web browser

An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.

References

 * Vulnerability Notes for QuickTime 7.1.5 -
   <http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>

 * About the security content of the QuickTime 7.1.5 Update -
   <http://docs.info.apple.com/article.html?artnum=305149>

 * How to tell if Software Update for Windows is working correctly
   when no updates are available -
   <http://docs.info.apple.com/article.html?artnum=304263>

 * Apple QuickTime 7.1.5 for Windows -
   <http://www.apple.com/support/downloads/quicktime715forwindows.html>

 * Apple QuickTime 7.1.5 for Mac -
   <http://www.apple.com/support/downloads/quicktime715formac.html>

 * Standalone Apple QuickTime Player -
   <http://www.apple.com/quicktime/download/standalone.html>

 * Mac OS X: Updating your software -
   <http://docs.info.apple.com/article.html?artnum=106704>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA07-065A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

March 06, 2007: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .

1) An integer overflow error exists in the handling of 3GP video files.

2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.

4) An integer overflow exists in the handling of UDTA atoms in movie files.

5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.

6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.

7) An integer overflow exists in the handling of QTIF files.

8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".

SOLUTION: Update to version 7.1.5.

Mac OS X: http://www.apple.com/quicktime/download/mac.html

Windows: http://www.apple.com/quicktime/download/win.html

PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149

Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0011",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 6.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0713",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-0713",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-24075",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0713",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#568689",
            "trust": 0.8,
            "value": "16.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#880561",
            "trust": 0.8,
            "value": "6.64"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#822481",
            "trust": 0.8,
            "value": "9.00"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#861817",
            "trust": 0.8,
            "value": "17.36"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#448745",
            "trust": 0.8,
            "value": "4.81"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#313225",
            "trust": 0.8,
            "value": "17.72"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#410993",
            "trust": 0.8,
            "value": "16.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#642433",
            "trust": 0.8,
            "value": "16.20"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200703-195",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-24075",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. (CVE-2007-0713). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n                        National Cyber Alert System\n\n                 Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n   Original release date: March 06, 2007\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n   Apple QuickTime on systems running\n\n     * Apple Mac OS X\n\n     * Microsoft Windows\n\n\nOverview\n\n   Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n   could exploit these vulnerabilities by convincing a user to access a\n   specially crafted image or media file with a vulnerable version of\n   QuickTime. Since QuickTime configures most web browsers to handle\n   QuickTime media files, an attacker could exploit these vulnerabilities\n   using a web page. \n\n   Note that QuickTime ships with Apple iTunes. \n\n   For more information, please refer to the Vulnerability Notes\n   Database. \n\n\nII. For further information, please see the Vulnerability Notes\n   Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n   Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n   available via Apple Update. \n\n   On Microsoft Windows the QuickTime built-in auto-update mechanism may\n   not detect this release. Instead, Windows users should check for\n   updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n   An attacker may be able to exploit this vulnerability by persuading a\n   user to access a specially crafted file with a web browser. Disabling\n   QuickTime in your web browser will defend against this attack vector. \n   For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n     * Vulnerability Notes for QuickTime 7.1.5 -\n       \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n     * About the security content of the QuickTime 7.1.5 Update -\n       \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n     * How to tell if Software Update for Windows is working correctly\n       when no updates are available -\n       \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n     * Apple QuickTime 7.1.5 for Windows -\n       \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n     * Apple QuickTime 7.1.5 for Mac -\n       \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n     * Standalone Apple QuickTime Player -\n       \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n     * Mac OS X: Updating your software -\n       \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n     * Securing Your Web Browser -\n       \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n   Revision History\n\n   March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n2) A boundary error in the handling of MIDI files can be exploited to\ncause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n5) A boundary error in the handling of PICT files can be exploited to\ncause a heap-based buffer overflow. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      },
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22843"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24075"
      },
      {
        "db": "PACKETSTORM",
        "id": "54941"
      },
      {
        "db": "PACKETSTORM",
        "id": "54850"
      }
    ],
    "trust": 8.19
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22827",
        "trust": 9.2
      },
      {
        "db": "SECUNIA",
        "id": "24359",
        "trust": 9.0
      },
      {
        "db": "SECTRACK",
        "id": "1017725",
        "trust": 8.1
      },
      {
        "db": "AUSCERT",
        "id": "AL-2007.0031",
        "trust": 6.4
      },
      {
        "db": "BID",
        "id": "22843",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0713",
        "trust": 3.1
      },
      {
        "db": "USCERT",
        "id": "TA07-065A",
        "trust": 2.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0825",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "32817",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#568689",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "22844",
        "trust": 0.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-010",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA07-065A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA07-065A",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070306 APPLE QUICKTIME PLAYER REMOTE HEAP OVERFLOW",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-03-05",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-24075",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "54941",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "54850",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24075"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "db": "PACKETSTORM",
        "id": "54941"
      },
      {
        "db": "PACKETSTORM",
        "id": "54850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "id": "VAR-200703-0011",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24075"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:56:58.629000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "QuickTime 7.1.5 for Mac",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/quicktime715formac.html"
      },
      {
        "title": "QuickTime 7.1.5 for Windows",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
      },
      {
        "title": "QuickTime 7.1.5",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=305149"
      },
      {
        "title": "QuickTime 7.1.5",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
      },
      {
        "title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/quicktime/download/win.html"
      },
      {
        "title": "QuickTime 7.1.5 for Windows",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
      },
      {
        "title": "QuickTime 7.1.5 for Mac",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 8.9,
        "url": "http://www.securityfocus.com/bid/22827"
      },
      {
        "trust": 8.5,
        "url": "http://docs.info.apple.com/article.html?artnum=305149"
      },
      {
        "trust": 6.5,
        "url": "http://secunia.com/advisories/24359/"
      },
      {
        "trust": 6.4,
        "url": "http://www.auscert.org.au/7356"
      },
      {
        "trust": 6.4,
        "url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
      },
      {
        "trust": 5.6,
        "url": "http://securitytracker.com/id?1017725 "
      },
      {
        "trust": 3.3,
        "url": "http://www.securityfocus.com/bid/22843"
      },
      {
        "trust": 3.0,
        "url": "http://www.apple.com/quicktime/download/"
      },
      {
        "trust": 2.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/880561"
      },
      {
        "trust": 2.6,
        "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1017725"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/24359"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/tips/st04-010.html"
      },
      {
        "trust": 2.4,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
      },
      {
        "trust": 2.4,
        "url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.mozilla.org/support/firefox/faq"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/0825"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/32817"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0825"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
      },
      {
        "trust": 0.9,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/.mov"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
      },
      {
        "trust": 0.8,
        "url": "http://secway.org/advisory/ad20070306.txt"
      },
      {
        "trust": 0.8,
        "url": "http://secway.org/advisory/ad20060512.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/22844"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/pict"
      },
      {
        "trust": 0.8,
        "url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0713"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-065a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-065a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0713"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/461983/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "msg://bugtraq/45ec9719.10206@idefense.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/313225"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/410993"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/448745"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/568689"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/642433"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/822481"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/861817"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/461983"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5090/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/win.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/disassembling_og_reversing/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/mac.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24075"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "db": "PACKETSTORM",
        "id": "54941"
      },
      {
        "db": "PACKETSTORM",
        "id": "54850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24075"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22843"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "db": "PACKETSTORM",
        "id": "54941"
      },
      {
        "db": "PACKETSTORM",
        "id": "54850"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "date": "2007-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24075"
      },
      {
        "date": "2007-03-05T00:00:00",
        "db": "BID",
        "id": "22827"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "BID",
        "id": "22843"
      },
      {
        "date": "2007-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "date": "2007-03-09T00:22:35",
        "db": "PACKETSTORM",
        "id": "54941"
      },
      {
        "date": "2007-03-08T00:54:52",
        "db": "PACKETSTORM",
        "id": "54850"
      },
      {
        "date": "2007-03-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      },
      {
        "date": "2007-03-05T22:19:00",
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "date": "2007-03-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24075"
      },
      {
        "date": "2007-03-06T21:05:00",
        "db": "BID",
        "id": "22827"
      },
      {
        "date": "2007-03-06T20:35:00",
        "db": "BID",
        "id": "22843"
      },
      {
        "date": "2007-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000193"
      },
      {
        "date": "2007-03-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      },
      {
        "date": "2018-10-16T16:33:53.887000",
        "db": "NVD",
        "id": "CVE-2007-0713"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "54941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-195"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime 3GP integer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22843"
      }
    ],
    "trust": 0.6
  }
}

gsd-2007-0713

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-0713

Aliases

CVE-2007-0713

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0713",
    "description": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.",
    "id": "GSD-2007-0713"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0713"
      ],
      "details": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.",
      "id": "GSD-2007-0713",
      "modified": "2023-12-13T01:21:35.641922Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0713",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-0825",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0825"
          },
          {
            "name": "VU#880561",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/880561"
          },
          {
            "name": "quicktime-quicktime-bo(32817)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
          },
          {
            "name": "22827",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22827"
          },
          {
            "name": "24359",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24359"
          },
          {
            "name": "APPLE-SA-2007-03-05",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
          },
          {
            "name": "1017725",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017725"
          },
          {
            "name": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt",
            "refsource": "MISC",
            "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
          },
          {
            "name": "TA07-065A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
          },
          {
            "name": "20070306 Apple QuickTime Player Remote Heap Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305149",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=305149"
          },
          {
            "name": "22843",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22843"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0713"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2007-03-05",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305149",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305149"
            },
            {
              "name": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
            },
            {
              "name": "TA07-065A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
            },
            {
              "name": "VU#880561",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/880561"
            },
            {
              "name": "22827",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22827"
            },
            {
              "name": "22843",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22843"
            },
            {
              "name": "1017725",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017725"
            },
            {
              "name": "24359",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24359"
            },
            {
              "name": "ADV-2007-0825",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0825"
            },
            {
              "name": "quicktime-quicktime-bo(32817)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
            },
            {
              "name": "20070306 Apple QuickTime Player Remote Heap Overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:33Z",
      "publishedDate": "2007-03-05T22:19Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0713

Vulnerability from cvelistv5

ghsa-3mwj-25mw-j4g4

Vulnerability from github

var-200703-0011

Vulnerability from variot

gsd-2007-0713

Vulnerability from gsd

Tags

Sightings

Nomenclature