1. CVE-Search
  2. CVE-2007-0714
ID CVE-2007-0714
Summary Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. This vulnerability is addressed in latest version of Quicktime 7.1.5
References
Vulnerable Configurations
  • cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:4.1.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:4.1.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.4:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.4:-:windows:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:4.1.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:4.1.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.2.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.2.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.3.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.3.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.4.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.4.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.3:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.3:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.4:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.4:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.3:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.3:-:mac:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
apple APPLE-SA-2007-03-05
bid
  • 22827
  • 22844
bugtraq
  • 20070306 Apple QuickTime udta ATOM Integer Overflow
  • 20070307 ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability
cert TA07-065A
cert-vn VU#861817
confirm http://docs.info.apple.com/article.html?artnum=305149
fulldisc 20070306 Apple QuickTime udta ATOM Integer Overflow
misc
osvdb 33902
sectrack 1017725
secunia 24359
vupen ADV-2007-0825
xf quicktime-udta-atoms-overflow(32819)
Last major update 30-10-2018 - 16:25
Published 05-03-2007 - 22:19
Last modified 30-10-2018 - 16:25
Back to Top