cvelistv5 - CVE-2007-0718

CVE-2007-0718 (GCVE-0-2007-0718)

Vulnerability from cvelistv5 – Published: 2007-03-05 22:00 – Updated: 2024-08-07 12:26

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/0825	vdb-entryx_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/313225	third-party-advisoryx_refsource_CERT-VN
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.securityfocus.com/bid/22827	vdb-entryx_refsource_BID
	http://secunia.com/advisories/24359	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/462012/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id?1017725	vdb-entryx_refsource_SECTRACK
	http://www.us-cert.gov/cas/techalerts/TA07-065A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/22839	vdb-entryx_refsource_BID
	http://docs.info.apple.com/article.html?artnum=305149	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:26:54.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0825",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0825"
          },
          {
            "name": "VU#313225",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/313225"
          },
          {
            "name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
          },
          {
            "name": "22827",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22827"
          },
          {
            "name": "24359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24359"
          },
          {
            "name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2007-03-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
          },
          {
            "name": "1017725",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017725"
          },
          {
            "name": "TA07-065A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
          },
          {
            "name": "22839",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22839"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305149"
          },
          {
            "name": "quicktime-qtif-file-bo(32826)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-0825",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0825"
        },
        {
          "name": "VU#313225",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/313225"
        },
        {
          "name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
        },
        {
          "name": "22827",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22827"
        },
        {
          "name": "24359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24359"
        },
        {
          "name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
        },
        {
          "name": "APPLE-SA-2007-03-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
        },
        {
          "name": "1017725",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017725"
        },
        {
          "name": "TA07-065A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
        },
        {
          "name": "22839",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22839"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305149"
        },
        {
          "name": "quicktime-qtif-file-bo(32826)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0718",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0825",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0825"
            },
            {
              "name": "VU#313225",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/313225"
            },
            {
              "name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
            },
            {
              "name": "22827",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22827"
            },
            {
              "name": "24359",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24359"
            },
            {
              "name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2007-03-05",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
            },
            {
              "name": "1017725",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017725"
            },
            {
              "name": "TA07-065A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
            },
            {
              "name": "22839",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22839"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305149",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=305149"
            },
            {
              "name": "quicktime-qtif-file-bo(32826)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0718",
    "datePublished": "2007-03-05T22:00:00",
    "dateReserved": "2007-02-05T00:00:00",
    "dateUpdated": "2024-08-07T12:26:54.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8692B488-129A-49EA-AF84-6077FCDBB898\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1758610B-3789-489E-A751-386D605E5A08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B535737C-BF32-471C-B26A-588632FCC427\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF2C61F8-B376-40F9-8677-CADCC3295915\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6254BB56-5A25-49DC-A851-3CCA249BD71D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"795E3354-7824-4EF4-A788-3CFEB75734E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9419A1E9-A0DA-4846-8959-BE50B53736E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"952A8015-B18B-481C-AC17-60F0D7EEE085\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E518B27-A79B-43A4-AFA6-E59EF8E944D3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en la regi\\u00f3n heap de la memoria en Apple QuickTime anterior a versi\\u00f3n 7.1.5 permite a los atacantes remotos asistidos por el usuario causar una denegaci\\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\\u00f3digo arbitrario por medio de un archivo QTIF con una descripci\\u00f3n de muestra de video que contiene un ID de tabla Color de 0, que activa los corrupci\\u00f3n de la memoria cuando QuickTime asume que existe una tabla de colores.\"}]",
      "id": "CVE-2007-0718",
      "lastModified": "2024-11-21T00:26:34.543",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-03-05T22:19:00.000",
      "references": "[{\"url\": \"http://docs.info.apple.com/article.html?artnum=305149\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24359\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/313225\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/462012/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22827\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22839\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1017725\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-065A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0825\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32826\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=305149\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24359\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/313225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/462012/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22827\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22839\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017725\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-065A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0825\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0718\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-05T22:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en Apple QuickTime anterior a versi\u00f3n 7.1.5 permite a los atacantes remotos asistidos por el usuario causar una denegaci\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo QTIF con una descripci\u00f3n de muestra de video que contiene un ID de tabla Color de 0, que activa los corrupci\u00f3n de la memoria cuando QuickTime asume que existe una tabla de colores.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B535737C-BF32-471C-B26A-588632FCC427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF2C61F8-B376-40F9-8677-CADCC3295915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6254BB56-5A25-49DC-A851-3CCA249BD71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795E3354-7824-4EF4-A788-3CFEB75734E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9419A1E9-A0DA-4846-8959-BE50B53736E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"952A8015-B18B-481C-AC17-60F0D7EEE085\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E518B27-A79B-43A4-AFA6-E59EF8E944D3\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=305149\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24359\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/313225\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/462012/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22827\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22839\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017725\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-065A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0825\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32826\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=305149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24359\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/313225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/462012/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22827\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-065A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-112

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le logiciel Apple QuickTime. Elles permettraient à une personne malveillante qui les exploiteraient de perturber l'application, voire d'exécuter des commandes arbitraires sur le système ayant une version vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le lecteur multimedia Apple QuickTime. Elles concernent une mauvaise manipulation de fichiers aux formats suivants :

3rd Generation Partnership Project (extensions de fichier : .3gp ou .3g2). Il s'agit d'un format de vidéos compressées prévues pour être diffusées sur les réseaux mobiles dits de troisième génération (3G).
MIDI, ou Musical Instrument Digital Interface (extension .smf). Il s'agit d'un format destiné intialement à faire communiquer les instruments électroniques.
Quicktime (extension : .mov). Il s'agit d'un format permettant de regrouper plusieurs types de données (texte, video ou audio par exemple).
PICT (extension : .pct). Il s'agit d'un format vectoriel interne au fonctionnement de Macintosh.
QTIF, ou Quicktime Image File Format (extension : .qif). Il s'agit d'un format permettant de regrouper plusieurs images compressées.

Ces vulnérabilités permettraient à une personne malveillante qui les exploiteraient de perturber l'application, voire d'exécuter des commandes arbitraires sur le système ayant une version vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de QuickTime antérieures à 7.1.5, pour Apple Mac OS ou Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité 305149 du 06 mars 2007	None	vendor-advisory
Bulletin de sécurité iDefense du 05 mars 2007 :	-	other
Bulletin de sécurité Apple du 06 mars 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions de QuickTime ant\u00e9rieures \u00e0 7.1.5, pour Apple Mac  OS ou Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multimedia\nApple QuickTime. Elles concernent une mauvaise manipulation de fichiers\naux formats suivants :\n\n-   3rd Generation Partnership Project (extensions de fichier : .3gp ou\n    .3g2). Il s\u0027agit d\u0027un format de vid\u00e9os compress\u00e9es pr\u00e9vues pour \u00eatre\n    diffus\u00e9es sur les r\u00e9seaux mobiles dits de troisi\u00e8me g\u00e9n\u00e9ration (3G).\n-   MIDI, ou Musical Instrument Digital Interface (extension .smf). Il\n    s\u0027agit d\u0027un format destin\u00e9 intialement \u00e0 faire communiquer les\n    instruments \u00e9lectroniques.\n-   Quicktime (extension : .mov). Il s\u0027agit d\u0027un format permettant de\n    regrouper plusieurs types de donn\u00e9es (texte, video ou audio par\n    exemple).\n-   PICT (extension : .pct). Il s\u0027agit d\u0027un format vectoriel interne au\n    fonctionnement de Macintosh.\n-   QTIF, ou Quicktime Image File Format (extension : .qif). Il s\u0027agit\n    d\u0027un format permettant de regrouper plusieurs images compress\u00e9es.\n\nCes vuln\u00e9rabilit\u00e9s permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4965"
    },
    {
      "name": "CVE-2007-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0714"
    },
    {
      "name": "CVE-2007-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0718"
    },
    {
      "name": "CVE-2007-0712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0712"
    },
    {
      "name": "CVE-2007-0716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0716"
    },
    {
      "name": "CVE-2007-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0711"
    },
    {
      "name": "CVE-2007-0717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0717"
    },
    {
      "name": "CVE-2007-0713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0713"
    },
    {
      "name": "CVE-2007-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0715"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 05 mars 2007 :",
      "url": "http://www.idefense.com/application/poi/display?id=486"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 06 mars 2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    }
  ],
  "reference": "CERTA-2007-AVI-112",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le logiciel Apple\nQuickTime. Elles permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 305149 du 06 mars 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-112

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été identifiées dans le lecteur multimedia Apple QuickTime. Elles concernent une mauvaise manipulation de fichiers aux formats suivants :

3rd Generation Partnership Project (extensions de fichier : .3gp ou .3g2). Il s'agit d'un format de vidéos compressées prévues pour être diffusées sur les réseaux mobiles dits de troisième génération (3G).
MIDI, ou Musical Instrument Digital Interface (extension .smf). Il s'agit d'un format destiné intialement à faire communiquer les instruments électroniques.
Quicktime (extension : .mov). Il s'agit d'un format permettant de regrouper plusieurs types de données (texte, video ou audio par exemple).
PICT (extension : .pct). Il s'agit d'un format vectoriel interne au fonctionnement de Macintosh.
QTIF, ou Quicktime Image File Format (extension : .qif). Il s'agit d'un format permettant de regrouper plusieurs images compressées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de QuickTime antérieures à 7.1.5, pour Apple Mac OS ou Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité 305149 du 06 mars 2007	None	vendor-advisory
Bulletin de sécurité iDefense du 05 mars 2007 :	-	other
Bulletin de sécurité Apple du 06 mars 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions de QuickTime ant\u00e9rieures \u00e0 7.1.5, pour Apple Mac  OS ou Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multimedia\nApple QuickTime. Elles concernent une mauvaise manipulation de fichiers\naux formats suivants :\n\n-   3rd Generation Partnership Project (extensions de fichier : .3gp ou\n    .3g2). Il s\u0027agit d\u0027un format de vid\u00e9os compress\u00e9es pr\u00e9vues pour \u00eatre\n    diffus\u00e9es sur les r\u00e9seaux mobiles dits de troisi\u00e8me g\u00e9n\u00e9ration (3G).\n-   MIDI, ou Musical Instrument Digital Interface (extension .smf). Il\n    s\u0027agit d\u0027un format destin\u00e9 intialement \u00e0 faire communiquer les\n    instruments \u00e9lectroniques.\n-   Quicktime (extension : .mov). Il s\u0027agit d\u0027un format permettant de\n    regrouper plusieurs types de donn\u00e9es (texte, video ou audio par\n    exemple).\n-   PICT (extension : .pct). Il s\u0027agit d\u0027un format vectoriel interne au\n    fonctionnement de Macintosh.\n-   QTIF, ou Quicktime Image File Format (extension : .qif). Il s\u0027agit\n    d\u0027un format permettant de regrouper plusieurs images compress\u00e9es.\n\nCes vuln\u00e9rabilit\u00e9s permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4965"
    },
    {
      "name": "CVE-2007-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0714"
    },
    {
      "name": "CVE-2007-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0718"
    },
    {
      "name": "CVE-2007-0712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0712"
    },
    {
      "name": "CVE-2007-0716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0716"
    },
    {
      "name": "CVE-2007-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0711"
    },
    {
      "name": "CVE-2007-0717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0717"
    },
    {
      "name": "CVE-2007-0713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0713"
    },
    {
      "name": "CVE-2007-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0715"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 05 mars 2007 :",
      "url": "http://www.idefense.com/application/poi/display?id=486"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 06 mars 2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    }
  ],
  "reference": "CERTA-2007-AVI-112",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le logiciel Apple\nQuickTime. Elles permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 305149 du 06 mars 2007",
      "url": null
    }
  ]
}

GSD-2007-0718

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0718

Aliases

CVE-2007-0718

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0718",
    "description": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.",
    "id": "GSD-2007-0718"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0718"
      ],
      "details": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.",
      "id": "GSD-2007-0718",
      "modified": "2023-12-13T01:21:36.021692Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0718",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-0825",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0825"
          },
          {
            "name": "VU#313225",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/313225"
          },
          {
            "name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
          },
          {
            "name": "22827",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22827"
          },
          {
            "name": "24359",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24359"
          },
          {
            "name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2007-03-05",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
          },
          {
            "name": "1017725",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017725"
          },
          {
            "name": "TA07-065A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
          },
          {
            "name": "22839",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22839"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305149",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=305149"
          },
          {
            "name": "quicktime-qtif-file-bo(32826)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0718"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2007-03-05",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305149",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=305149"
            },
            {
              "name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
            },
            {
              "name": "TA07-065A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
            },
            {
              "name": "VU#313225",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/313225"
            },
            {
              "name": "22827",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22827"
            },
            {
              "name": "22839",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22839"
            },
            {
              "name": "1017725",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securitytracker.com/id?1017725"
            },
            {
              "name": "24359",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24359"
            },
            {
              "name": "ADV-2007-0825",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0825"
            },
            {
              "name": "quicktime-qtif-file-bo(32826)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
            },
            {
              "name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:33Z",
      "publishedDate": "2007-03-05T22:19Z"
    }
  }
}

FKIE_CVE-2007-0718

Vulnerability from fkie_nvd - Published: 2007-03-05 22:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305149	Patch, Vendor Advisory
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24359	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/313225	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/462012/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/22827
cve@mitre.org	http://www.securityfocus.com/bid/22839
cve@mitre.org	http://www.securitytracker.com/id?1017725	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-065A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0825	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305149	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24359	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/313225	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/462012/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22827
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22839
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017725	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-065A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0825	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32826

Impacted products

Vendor	Product	Version
apple	quicktime	7.0
apple	quicktime	7.0.1
apple	quicktime	7.0.2
apple	quicktime	7.0.3
apple	quicktime	7.0.4
apple	quicktime	7.1
apple	quicktime	7.1.1
apple	quicktime	7.1.2
apple	quicktime	7.1.3
apple	quicktime	7.1.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en Apple QuickTime anterior a versi\u00f3n 7.1.5 permite a los atacantes remotos asistidos por el usuario causar una denegaci\u00f3n de servicio (bloqueo) y posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo QTIF con una descripci\u00f3n de muestra de video que contiene un ID de tabla Color de 0, que activa los corrupci\u00f3n de la memoria cuando QuickTime asume que existe una tabla de colores."
    }
  ],
  "id": "CVE-2007-0718",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-05T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/313225"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22827"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22839"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1017725"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0825"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/313225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1017725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8JV3-M78V-V5V9

Vulnerability from github – Published: 2022-05-01 17:46 – Updated: 2022-05-01 17:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-05T22:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.",
  "id": "GHSA-8jv3-m78v-v5v9",
  "modified": "2022-05-01T17:46:36Z",
  "published": "2022-05-01T17:46:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0718"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24359"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/313225"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22827"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22839"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017725"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0825"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200703-0019

Vulnerability from variot - Updated: 2024-07-23 19:59

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. QuickTime is prone to a heap-overflow vulnerability because it fails to perform adequate bounds checking on user-supplied data. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. Remote attackers may exploit these vulnerabilities to control the user's machine by enticing the user to open and process malformed media files. (CVE-2007-0718). BACKGROUND

Quicktime is Apple's media player product used to render video and other media. For more information visit http://www.apple.com/quicktime/

II.

The vulnerability specifically exists in QuickTime players handling of Video media atoms. A byte swap process is then performed on the memory following the description, regardless if a table is present or not. Heap corruption will occur in the case when the memory following the description is not part of the heap chunk being processed.

III.

In order to exploit this vulnerability, an attacker must persuade a victim into opening a specially crafted media file. This could be accomplished by either a direct link or referenced from a website under the attacker's control. No further interaction is required in the default configuration.

IV. DETECTION

iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows.

V. WORKAROUND

iDefense is currently unaware of any effective workarounds for this vulnerability.

VI. More information can be found in Apple Advisory APPLE-SA-2007-03-05 at the following URL.

http://docs.info.apple.com/article.html?artnum=305149

VII. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

12/06/2006 Initial vendor notification 12/11/2007 Initial vendor response 02/01/2007 Second vendor notification 03/05/2007 Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Ruben Santamarta of Reversemode Labs (www.reversemode.com).

Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events http://labs.idefense.com/

X. LEGAL NOTICES

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0019",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 6.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0718",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-0718",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-24080",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0718",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#568689",
            "trust": 0.8,
            "value": "16.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#880561",
            "trust": 0.8,
            "value": "6.64"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#822481",
            "trust": 0.8,
            "value": "9.00"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#861817",
            "trust": 0.8,
            "value": "17.36"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#448745",
            "trust": 0.8,
            "value": "4.81"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#313225",
            "trust": 0.8,
            "value": "17.72"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#410993",
            "trust": 0.8,
            "value": "16.20"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#642433",
            "trust": 0.8,
            "value": "16.20"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200703-165",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-24080",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. QuickTime is prone to a heap-overflow vulnerability because it fails to perform adequate bounds checking on user-supplied data. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. Remote attackers may exploit these vulnerabilities to control the user\u0027s machine by enticing the user to open and process malformed media files. (CVE-2007-0718). BACKGROUND\n\nQuicktime is Apple\u0027s media player product used to render video and other\nmedia. For more information visit http://www.apple.com/quicktime/\n\nII. \n\nThe vulnerability specifically exists in QuickTime players handling of\nVideo media atoms. A byte swap process is then performed\non the memory following the description, regardless if a table is present\nor not. Heap corruption will occur in the case when the memory following\nthe description is not part of the heap chunk being processed. \n\nIII. \n\nIn order to exploit this vulnerability, an attacker must persuade a victim\ninto opening a specially crafted media file. This could be accomplished by\neither a direct link or referenced from a website under the attacker\u0027s\ncontrol. No further interaction is required in the default configuration. \n\nIV. DETECTION\n\niDefense Labs confirmed this vulnerability exists in version 7.1.3 of\nQuickTime on Windows. \n\nV. WORKAROUND\n\niDefense is currently unaware of any effective workarounds for this\nvulnerability. \n\nVI. More information can be found in Apple Advisory\nAPPLE-SA-2007-03-05 at the following URL. \n\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nVII. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n12/06/2006  Initial vendor notification\n12/11/2007  Initial vendor response\n02/01/2007  Second vendor notification\n03/05/2007  Coordinated public disclosure\n\nIX. CREDIT\n\nThis vulnerability was reported to iDefense by Ruben Santamarta of\nReversemode Labs (www.reversemode.com). \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2007 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert electronically. \nIt may not be edited in any way without the express written consent of\niDefense. If you wish to reprint the whole or any part of this alert in\nany other medium other than electronically, please e-mail\ncustomerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate at\nthe time of publishing based on currently available information. Use of\nthe information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on, this\ninformation. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      },
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22839"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "db": "PACKETSTORM",
        "id": "54931"
      }
    ],
    "trust": 8.1
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-24080",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22827",
        "trust": 9.2
      },
      {
        "db": "SECUNIA",
        "id": "24359",
        "trust": 8.9
      },
      {
        "db": "SECTRACK",
        "id": "1017725",
        "trust": 8.1
      },
      {
        "db": "AUSCERT",
        "id": "AL-2007.0031",
        "trust": 6.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225",
        "trust": 3.9
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0718",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "22839",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA07-065A",
        "trust": 2.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0825",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "32826",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#568689",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "22843",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "22844",
        "trust": 0.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-010",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA07-065A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20070306 [REVERSEMODE ADVISORY] APPLE QUICKTIME COLOR ID REMOTE HEAP CORRUPTION",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA07-065A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-03-05",
        "trust": 0.6
      },
      {
        "db": "IDEFENSE",
        "id": "20070305 APPLE QUICKTIME COLOR TABLE ID HEAP CORRUPTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "54931",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-24080",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "db": "PACKETSTORM",
        "id": "54931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "id": "VAR-200703-0019",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:59:00.989000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "QuickTime 7.1.5 for Mac",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/quicktime715formac.html"
      },
      {
        "title": "QuickTime 7.1.5 for Windows",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
      },
      {
        "title": "QuickTime 7.1.5",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=305149"
      },
      {
        "title": "QuickTime 7.1.5",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
      },
      {
        "title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/quicktime/download/win.html"
      },
      {
        "title": "QuickTime 7.1.5 for Windows",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
      },
      {
        "title": "QuickTime 7.1.5 for Mac",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 8.9,
        "url": "http://www.securityfocus.com/bid/22827"
      },
      {
        "trust": 8.2,
        "url": "http://docs.info.apple.com/article.html?artnum=305149"
      },
      {
        "trust": 6.4,
        "url": "http://secunia.com/advisories/24359/"
      },
      {
        "trust": 6.4,
        "url": "http://www.auscert.org.au/7356"
      },
      {
        "trust": 6.4,
        "url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
      },
      {
        "trust": 5.6,
        "url": "http://securitytracker.com/id?1017725 "
      },
      {
        "trust": 3.1,
        "url": "http://www.kb.cert.org/vuls/id/313225"
      },
      {
        "trust": 2.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.apple.com/quicktime/download/"
      },
      {
        "trust": 2.5,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/22839"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1017725"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/24359"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/tips/st04-010.html"
      },
      {
        "trust": 2.4,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
      },
      {
        "trust": 2.4,
        "url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.mozilla.org/support/firefox/faq"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/0825"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/32826"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0825"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
      },
      {
        "trust": 0.8,
        "url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/.mov"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/22843"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
      },
      {
        "trust": 0.8,
        "url": "http://secway.org/advisory/ad20070306.txt"
      },
      {
        "trust": 0.8,
        "url": "http://secway.org/advisory/ad20060512.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/22844"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/pict"
      },
      {
        "trust": 0.8,
        "url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0718"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-065a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-065a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0718"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
      },
      {
        "trust": 0.7,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.6,
        "url": "msg://bugtraq/45ec9719.10206@idefense.com"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/462012/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/410993"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/448745"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/568689"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/642433"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/822481"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/861817"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/880561"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/462012"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
      },
      {
        "trust": 0.1,
        "url": "https://www.reversemode.com)."
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0718"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "db": "PACKETSTORM",
        "id": "54931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22839"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "db": "PACKETSTORM",
        "id": "54931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "date": "2007-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "date": "2007-03-05T00:00:00",
        "db": "BID",
        "id": "22827"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "BID",
        "id": "22839"
      },
      {
        "date": "2007-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "date": "2007-03-08T23:27:30",
        "db": "PACKETSTORM",
        "id": "54931"
      },
      {
        "date": "2007-03-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      },
      {
        "date": "2007-03-05T22:19:00",
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#568689"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#880561"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#822481"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#861817"
      },
      {
        "date": "2007-03-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#448745"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#313225"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#410993"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#642433"
      },
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24080"
      },
      {
        "date": "2007-03-06T21:05:00",
        "db": "BID",
        "id": "22827"
      },
      {
        "date": "2007-03-06T00:00:00",
        "db": "BID",
        "id": "22839"
      },
      {
        "date": "2007-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000198"
      },
      {
        "date": "2007-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      },
      {
        "date": "2018-10-16T16:33:56.577000",
        "db": "NVD",
        "id": "CVE-2007-0718"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "54931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-165"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime 3GP integer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#568689"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "22827"
      },
      {
        "db": "BID",
        "id": "22839"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0718 (GCVE-0-2007-0718)

CERTA-2007-AVI-112

Description

Solution

CERTA-2007-AVI-112

Description

Solution

GSD-2007-0718

FKIE_CVE-2007-0718

GHSA-8JV3-M78V-V5V9

VAR-200703-0019

Tags

Sightings

Nomenclature