var-200703-0016
Vulnerability from variot
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0715). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-065A
Apple Releases Security Updates for QuickTime
Original release date: March 06, 2007 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes Database.
II. For further information, please see the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update.
On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715>
* About the security content of the QuickTime 7.1.5 Update -
<http://docs.info.apple.com/article.html?artnum=305149>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.1.5 for Windows -
<http://www.apple.com/support/downloads/quicktime715forwindows.html>
* Apple QuickTime 7.1.5 for Mac -
<http://www.apple.com/support/downloads/quicktime715formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-065A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-065A Feedback VU#568689" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
March 06, 2007: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- .
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24359
VERIFY ADVISORY: http://secunia.com/advisories/24359/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the handling of UDTA atoms in movie files.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
SOLUTION: Update to version 7.1.5.
Mac OS X: http://www.apple.com/quicktime/download/mac.html
Windows: http://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149
Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 6.4,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JJ Reyes\nMike Price\niotr Bania\nArtur Ogloza\nPiotr Bania\u203b bania.piotr@gmail.com\u203bSowhat\u203b smaillist@gmail.com\u203bhttp://www.zerodayinitiative.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0715",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0715",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-24077",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0715",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#568689",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#880561",
"trust": 0.8,
"value": "6.64"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#822481",
"trust": 0.8,
"value": "9.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#861817",
"trust": 0.8,
"value": "17.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#448745",
"trust": 0.8,
"value": "4.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#313225",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#410993",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642433",
"trust": 0.8,
"value": "16.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-183",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-24077",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. \nThese issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. \nFew details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. \nQuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime\u0027s processing of various media formats. (CVE-2007-0715). \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA07-065A\n\n\nApple Releases Security Updates for QuickTime\n\n Original release date: March 06, 2007\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. An attacker\n could exploit these vulnerabilities by convincing a user to access a\n specially crafted image or media file with a vulnerable version of\n QuickTime. Since QuickTime configures most web browsers to handle\n QuickTime media files, an attacker could exploit these vulnerabilities\n using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes\n Database. \n\n\nII. For further information, please see the Vulnerability Notes\n Database. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are\n available via Apple Update. \n\n On Microsoft Windows the QuickTime built-in auto-update mechanism may\n not detect this release. Instead, Windows users should check for\n updates using Apple Software Update or install the update manually. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading a\n user to access a specially crafted file with a web browser. Disabling\n QuickTime in your web browser will defend against this attack vector. \n For more information, refer to the Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.5 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_715\u003e\n\n * About the security content of the QuickTime 7.1.5 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=305149\u003e\n\n * How to tell if Software Update for Windows is working correctly\n when no updates are available -\n \u003chttp://docs.info.apple.com/article.html?artnum=304263\u003e\n\n * Apple QuickTime 7.1.5 for Windows -\n \u003chttp://www.apple.com/support/downloads/quicktime715forwindows.html\u003e\n\n * Apple QuickTime 7.1.5 for Mac -\n \u003chttp://www.apple.com/support/downloads/quicktime715formac.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-065A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-065A Feedback VU#568689\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n March 06, 2007: Initial release\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u\nK7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p\nmRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz\n35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA\n74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO\nZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg==\n=5/kY\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24359\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24359/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple QuickTime, which\npotentially can be exploited by malicious people to compromise a\nuser\u0027s system. \n\n1) An integer overflow error exists in the handling of 3GP video\nfiles. \n\n2) A boundary error in the handling of MIDI files can be exploited to\ncause a heap-based buffer overflow. \n\n4) An integer overflow exists in the handling of UDTA atoms in movie\nfiles. \n\n6) A boundary error in the handling of QTIF files can be exploited to\ncause a stack-based buffer overflow. \n\n7) An integer overflow exists in the handling of QTIF files. \n\n8) An input validation error exists in the processing of QTIF files. \nThis can be exploited to cause a heap corruption via a specially\ncrafted QTIF file with the \"Color Table ID\" field set to \"0\". \n\nSOLUTION:\nUpdate to version 7.1.5. \n\nMac OS X:\nhttp://www.apple.com/quicktime/download/mac.html\n\nWindows:\nhttp://www.apple.com/quicktime/download/win.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JJ Reyes\n2,5,6,7) Mike Price, McAfee AVERT Labs\n3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza\n4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. \n8) Ruben Santamarta via iDefense and JJ Reyes\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=305149\n\nPiotr Bania:\nhttp://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0715"
},
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
}
],
"trust": 7.92
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "22827",
"trust": 9.2
},
{
"db": "SECUNIA",
"id": "24359",
"trust": 9.0
},
{
"db": "SECTRACK",
"id": "1017725",
"trust": 8.1
},
{
"db": "AUSCERT",
"id": "AL-2007.0031",
"trust": 6.4
},
{
"db": "CERT/CC",
"id": "VU#448745",
"trust": 3.6
},
{
"db": "USCERT",
"id": "TA07-065A",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2007-0715",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0825",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33901",
"trust": 1.7
},
{
"db": "XF",
"id": "32821",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#568689",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#880561",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#822481",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#861817",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#313225",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#410993",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#642433",
"trust": 1.1
},
{
"db": "BID",
"id": "22843",
"trust": 0.8
},
{
"db": "BID",
"id": "22844",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-07-010",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA07-065A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA07-065A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24077",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54941",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54850",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"id": "VAR-200703-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24077"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:06:48.011000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"title": "QuickTime 7.1.5",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149-ja"
},
{
"title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/download/win.html"
},
{
"title": "QuickTime 7.1.5 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html"
},
{
"title": "QuickTime 7.1.5 for Mac",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 8.9,
"url": "http://www.securityfocus.com/bid/22827"
},
{
"trust": 8.2,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 6.5,
"url": "http://secunia.com/advisories/24359/"
},
{
"trust": 6.4,
"url": "http://www.auscert.org.au/7356"
},
{
"trust": 6.4,
"url": "http://www.ciac.org/ciac/bulletins/r-171.shtml "
},
{
"trust": 5.6,
"url": "http://securitytracker.com/id?1017725 "
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"trust": 2.7,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1017725"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24359"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676"
},
{
"trust": 2.4,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 2.4,
"url": "http://www.mozilla.org/support/firefox/faq"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33901"
},
{
"trust": 1.6,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/0825"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/32821"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32821"
},
{
"trust": 0.9,
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"trust": 0.9,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/.mov"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22843"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/musical_instrument_digital_interface"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/index.html"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20070306.txt"
},
{
"trust": 0.8,
"url": "http://secway.org/advisory/ad20060512.txt"
},
{
"trust": 0.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-010.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/22844"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/pict"
},
{
"trust": 0.8,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=46"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0715"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta07-065a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0715"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa07-065a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20070306_153534.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45ec9719.10206@idefense.com"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/822481"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715formac.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-065a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_715\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime715forwindows.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=305149\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/win.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/mac.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568689"
},
{
"db": "CERT/CC",
"id": "VU#880561"
},
{
"db": "CERT/CC",
"id": "VU#822481"
},
{
"db": "CERT/CC",
"id": "VU#861817"
},
{
"db": "CERT/CC",
"id": "VU#448745"
},
{
"db": "CERT/CC",
"id": "VU#313225"
},
{
"db": "CERT/CC",
"id": "VU#410993"
},
{
"db": "CERT/CC",
"id": "VU#642433"
},
{
"db": "VULHUB",
"id": "VHN-24077"
},
{
"db": "BID",
"id": "22827"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "PACKETSTORM",
"id": "54850"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-06T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2007-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24077"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"date": "2007-03-09T00:22:35",
"db": "PACKETSTORM",
"id": "54941"
},
{
"date": "2007-03-08T00:54:52",
"db": "PACKETSTORM",
"id": "54850"
},
{
"date": "2007-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"date": "2007-03-05T22:19:00",
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#568689"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#880561"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#822481"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#861817"
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#448745"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#313225"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#410993"
},
{
"date": "2007-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#642433"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-24077"
},
{
"date": "2007-03-06T21:05:00",
"db": "BID",
"id": "22827"
},
{
"date": "2007-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000195"
},
{
"date": "2007-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-183"
},
{
"date": "2017-07-29T01:30:21.843000",
"db": "NVD",
"id": "CVE-2007-0715"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54941"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 3GP integer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-183"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.