var-200512-0294
Vulnerability from variot

Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple's QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TGA image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable.

Fortinet Security Advisory: FSA-2006-04

Apple QuickTime Player Improper Memory Access Vulnerability

Advisory Date : January 12, 2006
Reported Date : November 28, 2005
Vendor : Apple computers
Affected Products : Apple QuickTime Player v7.0.3
Severity : High
Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707
            http://docs.info.apple.com/article.html?artnum=303101
            http://www.securityfocus.com/bid/16202/info

Description : Fortinet Security Research Team (FSRT) has discovered an Improper Memory Access Vulnerability in the Apple QuickTime Player.

Impact : Execute arbitrary code

Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apple's web site under security update.

Fortinet Protection: Fortinet is protecting networks from this vulnerability with the latest IPS update.

Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability.

Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.



                    National Cyber Alert System

             Technical Cyber Security Alert TA06-011A

Apple QuickTime Vulnerabilities

Original release date: January 11, 2006
Last revised: January 11, 2006
Source: US-CERT

Systems Affected

Apple QuickTime on systems running

 * Apple Mac OS X
 * Microsoft Windows XP
 * Microsoft Windows 2000

Overview

Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.

I. Description

Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713)

II. Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service.

III. Solution

Upgrade

Upgrade to QuickTime 7.0.4.

Appendix A. References

 * US-CERT Vulnerability Note VU#629845 -
   <http://www.kb.cert.org/vuls/id/629845>

 * US-CERT Vulnerability Note VU#921193 -
   <http://www.kb.cert.org/vuls/id/921193>

 * US-CERT Vulnerability Note VU#115729 -
   <http://www.kb.cert.org/vuls/id/115729>

 * US-CERT Vulnerability Note VU#150753 -
   <http://www.kb.cert.org/vuls/id/150753>

 * US-CERT Vulnerability Note VU#913449 -
   <http://www.kb.cert.org/vuls/id/913449>

 * CVE-2005-2340 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>

 * CVE-2005-4092 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>

 * CVE-2005-3707 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>

 * CVE-2005-3710 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>

 * CVE-2005-3713 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>

 * Security Content for QuickTime 7.0.4 -
   <http://docs.info.apple.com/article.html?artnum=303101>

 * QuickTime 7.0.4 -
   <http://www.apple.com/support/downloads/quicktime704.html>

 * About the Mac OS X 10.4.4 Update (Delta) -
   <http://docs.info.apple.com/article.html?artnum=302810>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-011A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.




Produced 2006 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

January 11, 2006: Initial release




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0294",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "windows 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "BID",
        "id": "16872"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dejun Meng",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "43080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2005-3707",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-14915",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3707",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#921193",
            "trust": 0.8,
            "value": "43.88"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#629845",
            "trust": 0.8,
            "value": "18.23"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#115729",
            "trust": 0.8,
            "value": "3.85"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#150753",
            "trust": 0.8,
            "value": "32.63"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#913449",
            "trust": 0.8,
            "value": "3.85"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-710",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14915",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. \nThis issue presents itself when the application processes a specially crafted TGA image file. \nA successful attack can result in a remote compromise. \nVersions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-04\n\nApple QuickTime Player Improper Memory Access Vulnerability\n\nAdvisory Date      : January 12, 2006\nReported Date      : November 28, 2005\nVendor             : Apple computers\nAffected Products  : Apple QuickTime Player v7.0.3\nSeverity           : High\nReference      : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\n                 http://docs.info.apple.com/article.html?artnum=303101\n                 http://www.securityfocus.com/bid/16202/info\n\nDescription        :  Fortinet Security Research Team (FSRT) has\ndiscovered a Improper Memory Access Vulnerability in the Apple QuickTime\nPlayer. \n\nImpact             : Execute arbitrary code\n\nSolution           : Apple Computers has released a security update for\nthis vulnerability, which is available for downloading from Apples\u0027s web\nsite under security update. \n\nFortinet Protection: Fortinet is protecting network from this\nvulnerability with latest IPS update. \n\nAcknowledgment     : Dejun Meng of Fortinet Security Research team found\nthis vulnerability. \n\nDisclaimer         : Although Fortinet has attempted to provide accurate\ninformation in these materials, Fortinet assumes no legal responsibility\nfor the accuracy or completeness of the information. 
Please note that\nFortinet\u0027s product information does not constitute or contain any\nguarantee, warranty or legally binding representation, unless expressly\nidentified as such in a duly signed writing. \n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n   \n                        National Cyber Alert System\n\n                 Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n   Original release date: January 11, 2006\n   Last revised: January 11, 2006\n   Source: US-CERT\n\nSystems Affected\n\n   Apple QuickTime on systems running\n\n     * Apple Mac OS X\n     * Microsoft Windows XP\n     * Microsoft Windows 2000\n\n\nOverview\n\n   Apple has released QuickTime 7.0.4 to correct multiple\n   vulnerabilities. The impacts of these vulnerabilities include\n   execution of arbitrary code and denial of service. \n\n\nI. Description\n\n   Apple QuickTime 7.0.4 resolves a number of image and media file\n   handling vulnerabilities. \n   (CAN-2005-3713)\n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. For information about\n   specific impacts, please see the Vulnerability Notes. Potential\n   consequences include remote execution of arbitrary code or commands\n   and denial of service. \n\n\nIII. Solution\n\nUpgrade\n\n   Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. 
References\n\n     * US-CERT Vulnerability Note VU#629845 -\n       \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n     * US-CERT Vulnerability Note VU#921193 -\n       \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n     * US-CERT Vulnerability Note VU#115729 -\n       \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n     * US-CERT Vulnerability Note VU#150753 -\n       \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n     * US-CERT Vulnerability Note VU#913449 -\n       \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n     * CVE-2005-2340 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n     * CVE-2005-4092 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n     * CVE-2005-3707 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n     * CVE-2005-3710 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n     * CVE-2005-3713 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n     * Security Content for QuickTime 7.0.4 -\n       \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n     * QuickTime 7.0.4 -\n       \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n     * About the Mac OS X 10.4.4 Update (Delta) -\n       \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n   subject. 
\n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n   January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      },
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "BID",
        "id": "16872"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14915"
      },
      {
        "db": "PACKETSTORM",
        "id": "43080"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      }
    ],
    "trust": 5.76
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "18370",
        "trust": 4.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3707",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "16202",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA06-011A",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#921193",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015464",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0128",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "22336",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "22337",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1015466",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA06-011A",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8393\u203b8395\u203b8392\u203b8394",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8395",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8392",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8393",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8394",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "24056",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20060112 FORTINET SECURITY ADVISORY: \"APPLE QUICKTIME PLAYER IMPROPER MEMORY ACCESS VULNERABILITY\"",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-01-10",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "16872",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "43080",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-14915",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43062",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14915"
      },
      {
        "db": "BID",
        "id": "16872"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "PACKETSTORM",
        "id": "43080"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "id": "VAR-200512-0294",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14915"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T22:24:53.234000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Download the Standalone QuickTime Player",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/quicktime/download/standalone.html"
      },
      {
        "title": "TA23845",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ta23845?viewlocale=ja_jp"
      },
      {
        "title": "TA06-011A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.0,
        "url": "http://docs.info.apple.com/article.html?artnum=303101"
      },
      {
        "trust": 3.2,
        "url": "http://secunia.com/advisories/18370/"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/16202"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/115729"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/22336"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015464"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18370"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/0128"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707"
      },
      {
        "trust": 0.8,
        "url": "http://www.eeye.com/html/research/advisories/ad20060111a.html"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337"
      },
      {
        "trust": 0.8,
        "url": "http://www.eeye.com/html/research/advisories/ad20060111d.html"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2006/jan/1015466.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-011a/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/629845"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/921193"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/150753"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/913449"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/0128"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/24056"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/8393\u203b8395\u203b8392\u203b8394"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/16202/info"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/913449\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/629845\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=302810\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/115729\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime704.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/921193\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/150753\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=303101\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14915"
      },
      {
        "db": "BID",
        "id": "16872"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "PACKETSTORM",
        "id": "43080"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14915"
      },
      {
        "db": "BID",
        "id": "16872"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "db": "PACKETSTORM",
        "id": "43080"
      },
      {
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14915"
      },
      {
        "date": "2006-01-10T00:00:00",
        "db": "BID",
        "id": "16872"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "date": "2006-01-15T16:45:18",
        "db": "PACKETSTORM",
        "id": "43080"
      },
      {
        "date": "2006-01-15T15:39:24",
        "db": "PACKETSTORM",
        "id": "43062"
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      },
      {
        "date": "2005-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-01-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#921193"
      },
      {
        "date": "2006-01-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#629845"
      },
      {
        "date": "2006-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#115729"
      },
      {
        "date": "2006-01-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#150753"
      },
      {
        "date": "2006-01-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#913449"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14915"
      },
      {
        "date": "2008-05-01T21:36:00",
        "db": "BID",
        "id": "16872"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000858"
      },
      {
        "date": "2006-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      },
      {
        "date": "2017-07-11T01:33:17.330000",
        "db": "NVD",
        "id": "CVE-2005-3707"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "43080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime fails to properly handle corrupt media files",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#921193"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-710"
      }
    ],
    "trust": 0.6
  }
}

