var-200703-0012
Vulnerability from variot
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation results in code execution under the context of the running user. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-010.html March 7, 2007
-- CVE ID: CVE-2007-0714
-- Affected Vendor: Apple
-- Affected Products: Quicktime Player 7.1
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since May 23, 2006 by the pre-existing Digital Vaccine protection filter ID 4411.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at:
http://docs.info.apple.com/article.html?artnum=61798
-- Disclosure Timeline: 2006.05.23 - Pre-existing Digital Vaccine released to TippingPoint customers 2006.08.14 - Vulnerability reported to vendor 2007.03.07 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Apple QuickTime udta ATOM Integer Overflow
By Sowhat of Nevis Labs Date: 2007.03.06
http://www.nevisnetworks.com http://secway.org/advisory/AD20070306.txt http://secway.org/advisory/AD20060512.txt
CVE: CVE-2007-0714
Vendor: Apple Inc.
The CVE-2006-1460 does not patch the root cause of this vulnerability.
The layout of a udta(user data atom) atom:
Bytes
| User data atom | | Atom size | 4 | Type = 'udta' | 4 | | | User data list | | Atom size | 4 | Type = user data types| 4 | |
By setting the value of the Atom size to a large value such as 0xFFFFFFFF, an insufficiently-sized heap block will be allocated, and resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function.
Vendor Response:
2006.05.06 Vendor notified via product-security@apple.com 2006.05.07 Vendor responded 2006.05.09 Vendor ask for more information 2006.05.11 Vendor released QuickTime 7.1, the code path was influenced, but the root cause was not fixed. 2007.03.06 Vendor released the fixed version 2007.03.06 Advisory release
Reference: 1. http://developer.apple.com/documentation/QuickTime/QTFF/index.html 2. http://docs.info.apple.com/article.html?artnum=305149 3. http://secway.org/advisory/AD20060512.txt
-- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 5.6,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.4.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.3.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:windows:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:-:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.2.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:-:mac:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.4.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.3.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.1:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0.0:-:mac:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-010"
}
],
"trust": 0.7
},
"cve": "CVE-2007-0714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0714",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-24076",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0714",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-168",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-24076",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation results in code execution under the context of the running user. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-010.html\nMarch 7, 2007\n\n-- CVE ID:\nCVE-2007-0714\n\n-- Affected Vendor:\nApple\n\n-- Affected Products:\nQuicktime Player 7.1\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since May 23, 2006 by the pre-existing Digital Vaccine\nprotection filter ID 4411. \n\n-- Vendor Response:\nApple has issued an update to correct this vulnerability. More details\ncan be found at:\n\nhttp://docs.info.apple.com/article.html?artnum=61798\n\n-- Disclosure Timeline:\n2006.05.23 - Pre-existing Digital Vaccine released to TippingPoint \ncustomers\n2006.08.14 - Vulnerability reported to vendor\n2007.03.07 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by an anonymous researcher. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. Apple QuickTime udta ATOM Integer Overflow\n\n\nBy Sowhat of Nevis Labs\nDate: 2007.03.06\n\n\nhttp://www.nevisnetworks.com\nhttp://secway.org/advisory/AD20070306.txt\nhttp://secway.org/advisory/AD20060512.txt\n\nCVE:\tCVE-2007-0714\n\nVendor:\nApple Inc. \n\nThe CVE-2006-1460 does not patch the root cause of this vulnerability. \n\nThe layout of a udta(user data atom) atom:\n\n Bytes\n _______________________\t\t\t\t\t\t\t\t\t\t\t\n | User data atom |\n | Atom size | 4\n | Type = \u0027udta\u0027 | 4\n | |\n | User data list |\n | Atom size | 4\n | Type = user data types| 4\n | |\n -----------------------\n\n\n\nBy setting the value of the Atom size to a large value such as 0xFFFFFFFF,\nan insufficiently-sized heap block will be allocated, and resulting in a\nclassic complete heap memory overwrite during the RtlAllocateHeap() function. \n\n\n\n\nVendor Response:\n\n2006.05.06\tVendor notified via product-security@apple.com\n2006.05.07\tVendor responded\n2006.05.09\tVendor ask for more information\n2006.05.11\tVendor released QuickTime 7.1, the code path was\ninfluenced, but the root cause was not fixed. \n2007.03.06\tVendor released the fixed version\n2007.03.06\tAdvisory release\n\n\n\nReference:\n1. http://developer.apple.com/documentation/QuickTime/QTFF/index.html\n2. http://docs.info.apple.com/article.html?artnum=305149\n3. http://secway.org/advisory/AD20060512.txt\n\n\n\n\n\n\n-- \nSowhat\nhttp://secway.org\n\"Life is like a bug, Do you know how to exploit it ?\"\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0714"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
}
],
"trust": 8.1
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-24076",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24076"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 8.4
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 8.1
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 7.3
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 5.6
},
{
"db": "NVD",
"id": "CVE-2007-0714",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 3.3
},
{
"db": "BID",
"id": "22844",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33902",
"trust": 1.7
},
{
"db": "XF",
"id": "32819",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-093",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070307 ZDI-07-010: APPLE QUICKTIME UDTA PARSING HEAP OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070306 APPLE QUICKTIME UDTA ATOM INTEGER OVERFLOW",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20070306 APPLE QUICKTIME UDTA ATOM INTEGER OVERFLOW",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "54955",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "54935",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-24076",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"id": "VAR-200703-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24076"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:56:37.438000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.1,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 7.7,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 5.6,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 5.6,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 5.6,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 4.8,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 3.0,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.6,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 2.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0003.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33902"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32819"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/461999/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/462153/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32819"
},
{
"trust": 0.9,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.9,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0714"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0714"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/462153/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/461999/100/0/threaded"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.3,
"url": "/archive/1/461999"
},
{
"trust": 0.3,
"url": "/archive/1/462153"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0714"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://secway.org"
},
{
"trust": 0.1,
"url": "http://www.nevisnetworks.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"db": "VULHUB",
"id": "VHN-24076"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"db": "PACKETSTORM",
"id": "54955"
},
{
"db": "PACKETSTORM",
"id": "54935"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24076"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-06T00:00:00",
"db": "BID",
"id": "22844"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"date": "2007-03-09T02:32:27",
"db": "PACKETSTORM",
"id": "54955"
},
{
"date": "2007-03-08T23:35:46",
"db": "PACKETSTORM",
"id": "54935"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-07-010"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-24076"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-03-07T20:05:00",
"db": "BID",
"id": "22844"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000194"
},
{
"date": "2013-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-168"
},
{
"date": "2018-10-30T16:25:17.370000",
"db": "NVD",
"id": "CVE-2007-0714"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Quicktime UDTA ATOM Integer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "22844"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-168"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "22827"
},
{
"db": "BID",
"id": "22844"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.