CVE-2006-4388 (GCVE-0-2006-4388)

Vulnerability from cvelistv5 – Published: 2006-09-12 23:00 – Updated: 2024-08-07 19:06

Summary

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.osvdb.org/28770	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/445888/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1016830	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/21893	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/19976	vdb-entryx_refsource_BID
	http://security.gentoo.org/glsa/glsa-200803-08.xml	vendor-advisoryx_refsource_GENTOO
	http://securityreason.com/securityalert/1554	third-party-advisoryx_refsource_SREASON
	http://docs.info.apple.com/article.html?artnum=304357	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/200316	third-party-advisoryx_refsource_CERT-VN
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2006/3577	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/29182	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28770",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28770"
          },
          {
            "name": "20060913 Multiple Vulnerabilities in Apple QuickTime",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
          },
          {
            "name": "1016830",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016830"
          },
          {
            "name": "quicktime-flashpix-bo(28935)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
          },
          {
            "name": "21893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21893"
          },
          {
            "name": "19976",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19976"
          },
          {
            "name": "GLSA-200803-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
          },
          {
            "name": "1554",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1554"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304357"
          },
          {
            "name": "VU#200316",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/200316"
          },
          {
            "name": "APPLE-SA-2006-09-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
          },
          {
            "name": "ADV-2006-3577",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3577"
          },
          {
            "name": "29182",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28770",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28770"
        },
        {
          "name": "20060913 Multiple Vulnerabilities in Apple QuickTime",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
        },
        {
          "name": "1016830",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016830"
        },
        {
          "name": "quicktime-flashpix-bo(28935)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
        },
        {
          "name": "21893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21893"
        },
        {
          "name": "19976",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19976"
        },
        {
          "name": "GLSA-200803-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
        },
        {
          "name": "1554",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1554"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304357"
        },
        {
          "name": "VU#200316",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/200316"
        },
        {
          "name": "APPLE-SA-2006-09-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
        },
        {
          "name": "ADV-2006-3577",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3577"
        },
        {
          "name": "29182",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29182"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4388",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28770",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28770"
            },
            {
              "name": "20060913 Multiple Vulnerabilities in Apple QuickTime",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
            },
            {
              "name": "1016830",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016830"
            },
            {
              "name": "quicktime-flashpix-bo(28935)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
            },
            {
              "name": "21893",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21893"
            },
            {
              "name": "19976",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19976"
            },
            {
              "name": "GLSA-200803-08",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
            },
            {
              "name": "1554",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1554"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=304357",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=304357"
            },
            {
              "name": "VU#200316",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/200316"
            },
            {
              "name": "APPLE-SA-2006-09-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
            },
            {
              "name": "ADV-2006-3577",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3577"
            },
            {
              "name": "29182",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29182"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4388",
    "datePublished": "2006-09-12T23:00:00",
    "dateReserved": "2006-08-28T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.1.2\", \"matchCriteriaId\": \"6C66A47A-7A0A-4D11-9FE8-E42A07D6E18D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41473E1D-B988-4312-B16B-D340508DD473\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCC2EBC0-F2A6-4709-9A27-CF63BC578744\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"844E1B14-A13A-47F1-9C82-02EAEED1A911\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80747BDD-70E9-4E74-896F-C79D014F1B2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA1E140B-BCB4-4B3C-B287-E9E944E08DB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2CE0B67-0794-472D-A2C0-CC5CA0E36370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*\", \"matchCriteriaId\": \"B821AA3F-98E4-4AF2-8E7F-52D5FF8F5000\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*\", \"matchCriteriaId\": \"D8239EEC-A7FA-45FC-8AE8-793A1F46B34C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"BC1B46A6-E032-4E24-B367-F5A94E770FC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8692B488-129A-49EA-AF84-6077FCDBB898\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*\", \"matchCriteriaId\": \"3195F233-6E2E-47CD-A882-4F01BECC40FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*\", \"matchCriteriaId\": \"CCD74F99-E8DD-4DF6-91AF-5AA443DB1921\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"6E0B99DA-3BDA-4848-85BB-EC0D002A73F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1758610B-3789-489E-A751-386D605E5A08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"5EDE46EA-5B6A-4B59-8BAA-CD803F6D5FD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B535737C-BF32-471C-B26A-588632FCC427\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF2C61F8-B376-40F9-8677-CADCC3295915\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"795E3354-7824-4EF4-A788-3CFEB75734E4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de enteros en Apple QuickTime anterior a 7.1.3 permite a un atacante con la complicidad del usuario ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un fichero artesanal FlashPix.\"}]",
      "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nApple, QuickTime Player, 7.1.3",
      "id": "CVE-2006-4388",
      "lastModified": "2024-11-21T00:15:50.233",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-09-12T23:07:00.000",
      "references": "[{\"url\": \"http://docs.info.apple.com/article.html?artnum=304357\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/21893\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29182\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200803-08.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/1554\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016830\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/200316\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/28770\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/445888/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/19976\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3577\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28935\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=304357\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/21893\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29182\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200803-08.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/1554\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016830\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/200316\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/28770\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/445888/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3577\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4388\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-09-12T23:07:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de enteros en Apple QuickTime anterior a 7.1.3 permite a un atacante con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero artesanal FlashPix.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.1.2\",\"matchCriteriaId\":\"6C66A47A-7A0A-4D11-9FE8-E42A07D6E18D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41473E1D-B988-4312-B16B-D340508DD473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC2EBC0-F2A6-4709-9A27-CF63BC578744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"844E1B14-A13A-47F1-9C82-02EAEED1A911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80747BDD-70E9-4E74-896F-C79D014F1B2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA1E140B-BCB4-4B3C-B287-E9E944E08DB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CE0B67-0794-472D-A2C0-CC5CA0E36370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*\",\"matchCriteriaId\":\"B821AA3F-98E4-4AF2-8E7F-52D5FF8F5000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*\",\"matchCriteriaId\":\"D8239EEC-A7FA-45FC-8AE8-793A1F46B34C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"BC1B46A6-E032-4E24-B367-F5A94E770FC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*\",\"matchCriteriaId\":\"3195F233-6E2E-47CD-A882-4F01BECC40FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*\",\"matchCriteriaId\":\"CCD74F99-E8DD-4DF6-91AF-5AA443DB1921\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"6E0B99DA-3BDA-4848-85BB-EC0D002A73F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"5EDE46EA-5B6A-4B59-8BAA-CD803F6D5FD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B535737C-BF32-471C-B26A-588632FCC427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF2C61F8-B376-40F9-8677-CADCC3295915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795E3354-7824-4EF4-A788-3CFEB75734E4\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=304357\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/21893\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29182\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200803-08.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/1554\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016830\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/200316\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/28770\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/445888/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19976\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3577\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28935\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=304357\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/21893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200803-08.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/1554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016830\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/200316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/28770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/445888/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"This vulnerability is addressed in the following product release:\\r\\nApple, QuickTime Player, 7.1.3\"}}"
  }
}

VAR-200609-0314

Vulnerability from variot - Updated: 2024-07-23 22:19

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows.

Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.

Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed.

The risk rating for these issues is medium.

Vulnerable Systems

QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below

Vulnerability Information

CVE-2006-4382

Two buffer overflow vulnerabilities are present in QuickTime MOV format support.

CVE-2006-4384

On heap overflow vulnerability is present in QuickTime FLC format support.

CVE-2006-4385

One buffer overflow vulnerability is present in QuickTime SGI format support.

CVE-2006-4386

One buffer overflow vulnerability is present in QuickTime MOV H.264 format support.

CVE-2006-4388

One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support.

CVE-2006-4389

One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support.

Resolution

Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows.

Further information is available at: http://docs.info.apple.com/article.html?artnum=304357

Credits

These vulnerabilities were discovered by Mike Price of McAfee Avert Labs.

Legal Notice

Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.

McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

Best regards,

Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs .

I. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.

Note that QuickTime ships with Apple iTunes.

For more information, please refer to the Vulnerability Notes.

II. For further information, please see the Vulnerability Notes.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.1.3.

Disable QuickTime in your web browser

An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document. Please send email to cert@cert.org with "TA06-256A Feedback VU#540348" in the subject.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

September 13, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO 8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s FzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa m19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE pZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG R59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg== =nQVd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Gentoo Linux Security Advisory GLSA 200803-08

                                        http://security.gentoo.org/

Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08

Synopsis

Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code.

Background

Win32 binary codecs provide support for video and audio playback.

Workaround

There is no known workaround at this time.

Resolution

All Win32 binary codecs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose

">=media-libs/win32codecs-20071007-r2"

Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback.

References

[ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200803-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0314",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "media-libs/win32codecs 20071007-r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "db": "BID",
        "id": "19976"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com Ruben Santamarta ruben@reversemode.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-4388",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-4388",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-20496",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4388",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#308204",
            "trust": 0.8,
            "value": "27.00"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#200316",
            "trust": 0.8,
            "value": "0.08"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#683700",
            "trust": 0.8,
            "value": "2.73"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#554252",
            "trust": 0.8,
            "value": "27.00"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#540348",
            "trust": 0.8,
            "value": "27.00"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-184",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20496",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. \nMcAfee, Inc. QuickTime is used by the Mac OS X operating system and\nby the QuickTime media player for Microsoft Windows. \n\nSeven code execution vulnerabilities are present in QuickTime support\nfor various multimedia formats including: MOV, H.264, FLC, FPX and SGI. \n\nExploitation could lead to execution of arbitrary code. User interaction\nis required for an attack to succeed. \n\nThe risk rating for these issues is medium. \n\n_________________________________________________\n\n*\tVulnerable Systems\n\nQuickTime 7.1.2 and below for Mac OS X\nQuickTime for Windows 7.1.2 and below\n\n_________________________________________________\n\n*\tVulnerability Information\n\nCVE-2006-4382\n\nTwo buffer overflow vulnerabilities are present in QuickTime MOV format\nsupport. \n\nCVE-2006-4384\n\nOn heap overflow vulnerability is present in QuickTime FLC format\nsupport. \n\nCVE-2006-4385\n\nOne buffer overflow vulnerability is present in QuickTime SGI format\nsupport. \n\nCVE-2006-4386\n\nOne buffer overflow vulnerability is present in QuickTime MOV H.264\nformat support. \n\nCVE-2006-4388\n\nOne buffer overflow vulnerability is present in QuickTime FlashPix (FPX)\nformat support. \n\nCVE-2006-4389\n\nOne uninitialized memory access vulnerability is present in QuickTime\nFlashPix (FPX) format support. \n\n_________________________________________________\n\n\n*\tResolution\n\nApple has included fixes for the QuickTime issues in QuickTime version\n7.1.3 for Mac OS X and for Microsoft Windows.  \n\nFurther information is available at:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\n_________________________________________________\n\n*\tCredits\n\nThese vulnerabilities were discovered by Mike Price of McAfee Avert\nLabs. \n\n_________________________________________________\n\n\n*\tLegal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the\nconvenience of McAfee\u0027s customers, and may be redistributed provided\nthat no fee is charged for distribution and that the advisory is not\nmodified in any way. McAfee makes no representations or warranties\nregarding the accuracy of the information referenced in this document,\nor the suitability of that information for your purposes. \n\nMcAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,\nInc. and/or its affiliated companies in the United States and/or other\nCountries.  All other registered and unregistered trademarks in this\ndocument are the sole property of their respective owners. \n\n\nBest regards,\n\nDave Marcus, B.A., CCNA, MCSE\nSecurity Research and Communications Manager\nMcAfee(r) Avert(r) Labs\n. \n\n\nI. Since QuickTime configures most web browsers to\n   handle QuickTime media files, an attacker could exploit these\n   vulnerabilities using a web page. \n\n   Note that QuickTime ships with Apple iTunes. \n\n   For more information, please refer to the Vulnerability Notes. \n\n\nII. For further information, please see\n   the Vulnerability Notes. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n   Upgrade to QuickTime 7.1.3. \n\nDisable QuickTime in your web browser\n\n   An attacker may be able to exploit this vulnerability by persuading\n   a user to access a specially crafted file with a web\n   browser. Disabling QuickTime in your web browser will defend\n   against this attack vector.  For more information, refer to the\n   Securing Your Web Browser document. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-256A Feedback VU#540348\" in the\n   subject. \n ____________________________________________________________________\n\n  Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n  \n\n   Revision History\n\n   September 13, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO\n8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s\nFzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa\nm19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE\npZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG\nR59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg==\n=nQVd\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: Win32 binary codecs: Multiple vulnerabilities\n      Date: March 04, 2008\n      Bugs: #150288\n        ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n  [ 1 ] CVE-2006-4382\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n  [ 2 ] CVE-2006-4384\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n  [ 3 ] CVE-2006-4385\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n  [ 4 ] CVE-2006-4386\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n  [ 5 ] CVE-2006-4388\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n  [ 6 ] CVE-2006-4389\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n  [ 7 ] CVE-2007-4674\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n  [ 8 ] CVE-2007-6166\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      },
      {
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "db": "BID",
        "id": "19976"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20496"
      },
      {
        "db": "PACKETSTORM",
        "id": "50015"
      },
      {
        "db": "PACKETSTORM",
        "id": "50016"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      }
    ],
    "trust": 5.85
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "21893",
        "trust": 4.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#200316",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4388",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "19976",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1016830",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "29182",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "1554",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "28770",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3577",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#308204",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#683700",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#554252",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#540348",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA06-256A",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "28935",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-09-12",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200803-08",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-20496",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50016",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64267",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20496"
      },
      {
        "db": "BID",
        "id": "19976"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "db": "PACKETSTORM",
        "id": "50015"
      },
      {
        "db": "PACKETSTORM",
        "id": "50016"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "id": "VAR-200609-0314",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20496"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:19:17.031000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2006-09-12",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.0,
        "url": "http://docs.info.apple.com/article.html?artnum=304357"
      },
      {
        "trust": 3.2,
        "url": "http://secunia.com/advisories/21893/"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/200316"
      },
      {
        "trust": 2.4,
        "url": "http://www.apple.com/support/downloads/quicktime713.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.apple.com/quicktime/download/standalone.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19976"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/28770"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016830"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21893"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/29182"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/1554"
      },
      {
        "trust": 1.1,
        "url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3577"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/quicktime/download/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4388"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/28935"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3577"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/308204"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/540348"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/554252"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/683700"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/445830"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/445831"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/445888"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=304357\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime713.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_713\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20496"
      },
      {
        "db": "BID",
        "id": "19976"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "db": "PACKETSTORM",
        "id": "50015"
      },
      {
        "db": "PACKETSTORM",
        "id": "50016"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20496"
      },
      {
        "db": "BID",
        "id": "19976"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "db": "PACKETSTORM",
        "id": "50015"
      },
      {
        "db": "PACKETSTORM",
        "id": "50016"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "date": "2006-09-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20496"
      },
      {
        "date": "2006-09-12T00:00:00",
        "db": "BID",
        "id": "19976"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "date": "2006-09-14T07:22:52",
        "db": "PACKETSTORM",
        "id": "50015"
      },
      {
        "date": "2006-09-14T07:23:59",
        "db": "PACKETSTORM",
        "id": "50016"
      },
      {
        "date": "2008-03-04T22:49:07",
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "date": "2006-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      },
      {
        "date": "2006-09-12T23:07:00",
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#308204"
      },
      {
        "date": "2006-09-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#200316"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#683700"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#554252"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#540348"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20496"
      },
      {
        "date": "2008-03-04T23:32:00",
        "db": "BID",
        "id": "19976"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001146"
      },
      {
        "date": "2013-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      },
      {
        "date": "2018-10-17T21:36:54.430000",
        "db": "NVD",
        "id": "CVE-2006-4388"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime fails to properly handle SGI images",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#308204"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-184"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2006-4388

Vulnerability from fkie_nvd - Published: 2006-09-12 23:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=304357
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html	Patch
cve@mitre.org	http://secunia.com/advisories/21893
cve@mitre.org	http://secunia.com/advisories/29182
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200803-08.xml
cve@mitre.org	http://securityreason.com/securityalert/1554
cve@mitre.org	http://securitytracker.com/id?1016830
cve@mitre.org	http://www.kb.cert.org/vuls/id/200316	US Government Resource
cve@mitre.org	http://www.osvdb.org/28770
cve@mitre.org	http://www.securityfocus.com/archive/1/445888/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19976	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3577
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28935
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=304357
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21893
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29182
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200803-08.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1554
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016830
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/200316	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/28770
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/445888/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19976	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3577
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28935

Impacted products

Vendor	Product	Version
apple	quicktime	*
apple	quicktime	5.0
apple	quicktime	5.0.1
apple	quicktime	5.0.2
apple	quicktime	6.0
apple	quicktime	6.1
apple	quicktime	6.5
apple	quicktime	6.5.1
apple	quicktime	6.5.2
apple	quicktime	6.5.2
apple	quicktime	6.5.2
apple	quicktime	7.0
apple	quicktime	7.0
apple	quicktime	7.0.1
apple	quicktime	7.0.1
apple	quicktime	7.0.1
apple	quicktime	7.0.1
apple	quicktime	7.0.2
apple	quicktime	7.0.2
apple	quicktime	7.0.3
apple	quicktime	7.0.4
apple	quicktime	7.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C66A47A-7A0A-4D11-9FE8-E42A07D6E18D",
              "versionEndIncluding": "7.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41473E1D-B988-4312-B16B-D340508DD473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2EBC0-F2A6-4709-9A27-CF63BC578744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "844E1B14-A13A-47F1-9C82-02EAEED1A911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80747BDD-70E9-4E74-896F-C79D014F1B2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1E140B-BCB4-4B3C-B287-E9E944E08DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2CE0B67-0794-472D-A2C0-CC5CA0E36370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
              "matchCriteriaId": "B821AA3F-98E4-4AF2-8E7F-52D5FF8F5000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
              "matchCriteriaId": "D8239EEC-A7FA-45FC-8AE8-793A1F46B34C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "BC1B46A6-E032-4E24-B367-F5A94E770FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
              "matchCriteriaId": "3195F233-6E2E-47CD-A882-4F01BECC40FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
              "matchCriteriaId": "CCD74F99-E8DD-4DF6-91AF-5AA443DB1921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6E0B99DA-3BDA-4848-85BB-EC0D002A73F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5EDE46EA-5B6A-4B59-8BAA-CD803F6D5FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en Apple QuickTime anterior a 7.1.3 permite a un atacante con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero artesanal FlashPix."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nApple, QuickTime Player, 7.1.3",
  "id": "CVE-2006-4388",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-09-12T23:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=304357"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21893"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29182"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1554"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016830"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/200316"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28770"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19976"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=304357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/200316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-390

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans Apple QuickTime. Une personne malveillante pourrait construire des fichiers multimédia particuliers, afin d'exécuter des commandes arbitraires sur le système qui ouvrirait ceux-ci avec une version de QuickTime vulnérable.

Description

QuickTime est une application fournie par Apple pour lire des fichiers multimédia (musique ou vidéo par exemple).

Plusieurs vulnérabilités ont été identifiées dans ce dernier. Il ne manipulerait pas correctement certains fichiers multimédias dans les formats suivants :

H.264, aussi appelé MPEG-4 AVC ;
FLC ;
FlashPix ;
SGI.

Une personne malveillante pourrait construire des fichiers multimédia particuliers, afin d'exécuter des commandes arbitraires sur le système qui ouvrirait ceux-ci avec une version de QuickTime vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur Apple pour l'obtention des correctifs (cf. section Documentation).

La version 7.1.3 de QuickTime pour systèmes d'exploitation Apple MacOS X ou Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 304357 du 12 septembre 2006	None	vendor-advisory
Bulletin de sécurité Apple du 12 septembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLa version 7.1.3 de QuickTime pour syst\u00e8mes d\u0027exploitation  Apple MacOS X ou Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nQuickTime est une application fournie par Apple pour lire des fichiers\nmultim\u00e9dia (musique ou vid\u00e9o par exemple).\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans ce dernier. Il ne\nmanipulerait pas correctement certains fichiers multim\u00e9dias dans les\nformats suivants :\n\n-   H.264, aussi appel\u00e9 MPEG-4 AVC ;\n-   FLC ;\n-   FlashPix ;\n-   SGI.\n\nUne personne malveillante pourrait construire des fichiers multim\u00e9dia\nparticuliers, afin d\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me\nqui ouvrirait ceux-ci avec une version de QuickTime vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4386"
    },
    {
      "name": "CVE-2006-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4382"
    },
    {
      "name": "CVE-2006-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4385"
    },
    {
      "name": "CVE-2006-4381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4381"
    },
    {
      "name": "CVE-2006-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4389"
    },
    {
      "name": "CVE-2006-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4384"
    },
    {
      "name": "CVE-2006-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4388"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 12 septembre 2006 :",
      "url": "http://docs.info.apple.com/article.html?artnum=304357"
    }
  ],
  "reference": "CERTA-2006-AVI-390",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Apple QuickTime. Une\npersonne malveillante pourrait construire des fichiers multim\u00e9dia\nparticuliers, afin d\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me\nqui ouvrirait ceux-ci avec une version de QuickTime vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 304357 du 12 septembre 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-390

Vulnerability from certfr_avis - Published: - Updated:

Description

QuickTime est une application fournie par Apple pour lire des fichiers multimédia (musique ou vidéo par exemple).

Plusieurs vulnérabilités ont été identifiées dans ce dernier. Il ne manipulerait pas correctement certains fichiers multimédias dans les formats suivants :

H.264, aussi appelé MPEG-4 AVC ;
FLC ;
FlashPix ;
SGI.

Solution

Se référer au bulletin de sécurité de l'éditeur Apple pour l'obtention des correctifs (cf. section Documentation).

La version 7.1.3 de QuickTime pour systèmes d'exploitation Apple MacOS X ou Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 304357 du 12 septembre 2006	None	vendor-advisory
Bulletin de sécurité Apple du 12 septembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLa version 7.1.3 de QuickTime pour syst\u00e8mes d\u0027exploitation  Apple MacOS X ou Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nQuickTime est une application fournie par Apple pour lire des fichiers\nmultim\u00e9dia (musique ou vid\u00e9o par exemple).\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans ce dernier. Il ne\nmanipulerait pas correctement certains fichiers multim\u00e9dias dans les\nformats suivants :\n\n-   H.264, aussi appel\u00e9 MPEG-4 AVC ;\n-   FLC ;\n-   FlashPix ;\n-   SGI.\n\nUne personne malveillante pourrait construire des fichiers multim\u00e9dia\nparticuliers, afin d\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me\nqui ouvrirait ceux-ci avec une version de QuickTime vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4386"
    },
    {
      "name": "CVE-2006-4382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4382"
    },
    {
      "name": "CVE-2006-4385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4385"
    },
    {
      "name": "CVE-2006-4381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4381"
    },
    {
      "name": "CVE-2006-4389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4389"
    },
    {
      "name": "CVE-2006-4384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4384"
    },
    {
      "name": "CVE-2006-4388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4388"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 12 septembre 2006 :",
      "url": "http://docs.info.apple.com/article.html?artnum=304357"
    }
  ],
  "reference": "CERTA-2006-AVI-390",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Apple QuickTime. Une\npersonne malveillante pourrait construire des fichiers multim\u00e9dia\nparticuliers, afin d\u0027ex\u00e9cuter des commandes arbitraires sur le syst\u00e8me\nqui ouvrirait ceux-ci avec une version de QuickTime vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 304357 du 12 septembre 2006",
      "url": null
    }
  ]
}

GSD-2006-4388

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.

Aliases

CVE-2006-4388

Aliases

CVE-2006-4388

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4388",
    "description": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.",
    "id": "GSD-2006-4388"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4388"
      ],
      "details": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.",
      "id": "GSD-2006-4388",
      "modified": "2023-12-13T01:19:52.185980Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4388",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28770",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/28770"
          },
          {
            "name": "20060913 Multiple Vulnerabilities in Apple QuickTime",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
          },
          {
            "name": "1016830",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016830"
          },
          {
            "name": "quicktime-flashpix-bo(28935)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
          },
          {
            "name": "21893",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21893"
          },
          {
            "name": "19976",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19976"
          },
          {
            "name": "GLSA-200803-08",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
          },
          {
            "name": "1554",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1554"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=304357",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=304357"
          },
          {
            "name": "VU#200316",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/200316"
          },
          {
            "name": "APPLE-SA-2006-09-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
          },
          {
            "name": "ADV-2006-3577",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3577"
          },
          {
            "name": "29182",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29182"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4388"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2006-09-12",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
            },
            {
              "name": "19976",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/19976"
            },
            {
              "name": "21893",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21893"
            },
            {
              "name": "VU#200316",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/200316"
            },
            {
              "name": "1016830",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016830"
            },
            {
              "name": "28770",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/28770"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=304357",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=304357"
            },
            {
              "name": "1554",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1554"
            },
            {
              "name": "GLSA-200803-08",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
            },
            {
              "name": "29182",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29182"
            },
            {
              "name": "ADV-2006-3577",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3577"
            },
            {
              "name": "quicktime-flashpix-bo(28935)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
            },
            {
              "name": "20060913 Multiple Vulnerabilities in Apple QuickTime",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-17T21:36Z",
      "publishedDate": "2006-09-12T23:07Z"
    }
  }
}

GHSA-V5F9-H45Q-5XF7

Vulnerability from github – Published: 2022-05-01 07:18 – Updated: 2022-05-01 07:18

Details

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4388"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-12T23:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.",
  "id": "GHSA-v5f9-h45q-5xf7",
  "modified": "2022-05-01T07:18:01Z",
  "published": "2022-05-01T07:18:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4388"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28935"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=304357"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21893"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29182"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1554"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016830"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/200316"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/28770"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19976"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4388 (GCVE-0-2006-4388)

VAR-200609-0314

Synopsis

Background

Workaround

Resolution

References

Availability

Concerns?

License

FKIE_CVE-2006-4388

CERTA-2006-AVI-390

Description

Solution

CERTA-2006-AVI-390

Description

Solution

GSD-2006-4388

GHSA-V5F9-H45Q-5XF7

Tags

Sightings

Nomenclature