Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-AVI-112
Vulnerability from certfr_avis
Plusieurs vulnérabilités ont été identifiées dans le logiciel Apple QuickTime. Elles permettraient à une personne malveillante qui les exploiteraient de perturber l'application, voire d'exécuter des commandes arbitraires sur le système ayant une version vulnérable.
Description
Plusieurs vulnérabilités ont été identifiées dans le lecteur multimedia Apple QuickTime. Elles concernent une mauvaise manipulation de fichiers aux formats suivants :
- 3rd Generation Partnership Project (extensions de fichier : .3gp ou .3g2). Il s'agit d'un format de vidéos compressées prévues pour être diffusées sur les réseaux mobiles dits de troisième génération (3G).
- MIDI, ou Musical Instrument Digital Interface (extension .smf). Il s'agit d'un format destiné intialement à faire communiquer les instruments électroniques.
- Quicktime (extension : .mov). Il s'agit d'un format permettant de regrouper plusieurs types de données (texte, video ou audio par exemple).
- PICT (extension : .pct). Il s'agit d'un format vectoriel interne au fonctionnement de Macintosh.
- QTIF, ou Quicktime Image File Format (extension : .qif). Il s'agit d'un format permettant de regrouper plusieurs images compressées.
Ces vulnérabilités permettraient à une personne malveillante qui les exploiteraient de perturber l'application, voire d'exécuter des commandes arbitraires sur le système ayant une version vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions de QuickTime antérieures à 7.1.5, pour Apple Mac OS ou Microsoft Windows.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eLes versions de QuickTime ant\u00e9rieures \u00e0 7.1.5, pour Apple Mac OS ou Microsoft Windows.\u003c/P\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multimedia\nApple QuickTime. Elles concernent une mauvaise manipulation de fichiers\naux formats suivants :\n\n- 3rd Generation Partnership Project (extensions de fichier : .3gp ou\n .3g2). Il s\u0027agit d\u0027un format de vid\u00e9os compress\u00e9es pr\u00e9vues pour \u00eatre\n diffus\u00e9es sur les r\u00e9seaux mobiles dits de troisi\u00e8me g\u00e9n\u00e9ration (3G).\n- MIDI, ou Musical Instrument Digital Interface (extension .smf). Il\n s\u0027agit d\u0027un format destin\u00e9 intialement \u00e0 faire communiquer les\n instruments \u00e9lectroniques.\n- Quicktime (extension : .mov). Il s\u0027agit d\u0027un format permettant de\n regrouper plusieurs types de donn\u00e9es (texte, video ou audio par\n exemple).\n- PICT (extension : .pct). Il s\u0027agit d\u0027un format vectoriel interne au\n fonctionnement de Macintosh.\n- QTIF, ou Quicktime Image File Format (extension : .qif). Il s\u0027agit\n d\u0027un format permettant de regrouper plusieurs images compress\u00e9es.\n\nCes vuln\u00e9rabilit\u00e9s permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-4965",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4965"
},
{
"name": "CVE-2007-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0714"
},
{
"name": "CVE-2007-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0718"
},
{
"name": "CVE-2007-0712",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0712"
},
{
"name": "CVE-2007-0716",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0716"
},
{
"name": "CVE-2007-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0711"
},
{
"name": "CVE-2007-0717",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0717"
},
{
"name": "CVE-2007-0713",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0713"
},
{
"name": "CVE-2007-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0715"
}
],
"initial_release_date": "2007-03-07T00:00:00",
"last_revision_date": "2007-03-07T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 iDefense du 05 mars 2007 :",
"url": "http://www.idefense.com/application/poi/display?id=486"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 06 mars 2007 :",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
],
"reference": "CERTA-2007-AVI-112",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le logiciel Apple\nQuickTime. Elles permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 305149 du 06 mars 2007",
"url": null
}
]
}
CVE-2007-0711 (GCVE-0-2007-0711)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#568689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "33905",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33905"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "quicktime-3gpvideo-overflow(32814)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#568689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "33905",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33905"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "quicktime-3gpvideo-overflow(32814)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#568689",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/568689"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "33905",
"refsource": "OSVDB",
"url": "http://osvdb.org/33905"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "quicktime-3gpvideo-overflow(32814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0711",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0713 (GCVE-0-2007-0713)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#880561",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"name": "quicktime-quicktime-bo(32817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "20070306 Apple QuickTime Player Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "22843",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#880561",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"name": "quicktime-quicktime-bo(32817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "20070306 Apple QuickTime Player Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "22843",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#880561",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/880561"
},
{
"name": "quicktime-quicktime-bo(32817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32817"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt",
"refsource": "MISC",
"url": "http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "20070306 Apple QuickTime Player Remote Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461983/100/0/threaded"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "22843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0713",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0716 (GCVE-0-2007-0716)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-qtif-bo(32822)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32822"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "VU#642433",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33900"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-qtif-bo(32822)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32822"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "VU#642433",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33900"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-qtif-bo(32822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32822"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "VU#642433",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/642433"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "33900",
"refsource": "OSVDB",
"url": "http://osvdb.org/33900"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0716",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4965 (GCVE-0-2006-4965)
Vulnerability from cvelistv5
Published
2006-09-25 00:00
Modified
2024-08-07 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1631",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1631"
},
{
"name": "VU#751808",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/751808"
},
{
"name": "27414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27414"
},
{
"name": "20070912 0DAY: QuickTime pwns Firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
},
{
"name": "1018687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018687"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
},
{
"name": "20061207 New MySpace worm could be on its way",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "ADV-2007-3155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3155"
},
{
"name": "20138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20138"
},
{
"name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
},
{
"name": "22048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22048"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1631",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1631"
},
{
"name": "VU#751808",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/751808"
},
{
"name": "27414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27414"
},
{
"name": "20070912 0DAY: QuickTime pwns Firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
},
{
"name": "1018687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018687"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
},
{
"name": "20061207 New MySpace worm could be on its way",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "ADV-2007-3155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3155"
},
{
"name": "20138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20138"
},
{
"name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
},
{
"name": "22048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22048"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1631",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1631"
},
{
"name": "VU#751808",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/751808"
},
{
"name": "27414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27414"
},
{
"name": "20070912 0DAY: QuickTime pwns Firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
},
{
"name": "1018687",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018687"
},
{
"name": "http://www.gnucitizen.org/blog/backdooring-mp3-files/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
},
{
"name": "20061207 New MySpace worm could be on its way",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "ADV-2007-3155",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3155"
},
{
"name": "20138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20138"
},
{
"name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
},
{
"name": "22048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22048"
},
{
"name": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4965",
"datePublished": "2006-09-25T00:00:00",
"dateReserved": "2006-09-24T00:00:00",
"dateUpdated": "2024-08-07T19:32:22.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0712 (GCVE-0-2007-0712)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33904"
},
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "quicktime-midi-files-bo(32816)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "VU#822481",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/822481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33904"
},
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "quicktime-midi-files-bo(32816)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "VU#822481",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/822481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33904",
"refsource": "OSVDB",
"url": "http://osvdb.org/33904"
},
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "quicktime-midi-files-bo(32816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32816"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "VU#822481",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0712",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0717 (GCVE-0-2007-0717)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "33899",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33899"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "quicktime-qtif-overflow(32823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32823"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "VU#410993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "33899",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33899"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "quicktime-qtif-overflow(32823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32823"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "VU#410993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "33899",
"refsource": "OSVDB",
"url": "http://osvdb.org/33899"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "quicktime-qtif-overflow(32823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32823"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "VU#410993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/410993"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0717",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0718 (GCVE-0-2007-0718)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#313225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "22839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "quicktime-qtif-file-bo(32826)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#313225",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "22839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "quicktime-qtif-file-bo(32826)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "VU#313225",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/313225"
},
{
"name": "20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462012/100/0/threaded"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "22839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22839"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "quicktime-qtif-file-bo(32826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0718",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0715 (GCVE-0-2007-0715)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-pict-file-bo(32821)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32821"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "33901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33901"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "VU#448745",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-pict-file-bo(32821)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32821"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "33901",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33901"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "VU#448745",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-pict-file-bo(32821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32821"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "33901",
"refsource": "OSVDB",
"url": "http://osvdb.org/33901"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "VU#448745",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/448745"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0715",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0714 (GCVE-0-2007-0714)
Vulnerability from cvelistv5
Published
2007-03-05 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-udta-atoms-overflow(32819)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secway.org/advisory/AD20070306.txt"
},
{
"name": "33902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-010.html"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "20070306 Apple QuickTime udta ATOM Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461999/100/0/threaded"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "20070306 Apple QuickTime udta ATOM Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0003.html"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "20070307 ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462153/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "VU#861817",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"name": "22844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-0825",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-udta-atoms-overflow(32819)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secway.org/advisory/AD20070306.txt"
},
{
"name": "33902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-010.html"
},
{
"name": "22827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "20070306 Apple QuickTime udta ATOM Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461999/100/0/threaded"
},
{
"name": "24359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "20070306 Apple QuickTime udta ATOM Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0003.html"
},
{
"name": "TA07-065A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "20070307 ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462153/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "VU#861817",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"name": "22844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0825"
},
{
"name": "quicktime-udta-atoms-overflow(32819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32819"
},
{
"name": "http://secway.org/advisory/AD20070306.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20070306.txt"
},
{
"name": "33902",
"refsource": "OSVDB",
"url": "http://osvdb.org/33902"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-010.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-010.html"
},
{
"name": "22827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22827"
},
{
"name": "20070306 Apple QuickTime udta ATOM Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461999/100/0/threaded"
},
{
"name": "24359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24359"
},
{
"name": "APPLE-SA-2007-03-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
},
{
"name": "1017725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017725"
},
{
"name": "20070306 Apple QuickTime udta ATOM Integer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0003.html"
},
{
"name": "TA07-065A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-065A.html"
},
{
"name": "20070307 ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462153/100/0/threaded"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305149",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"name": "VU#861817",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/861817"
},
{
"name": "22844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0714",
"datePublished": "2007-03-05T22:00:00",
"dateReserved": "2007-02-05T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…