cvelistv5 - cve-2006-1460

CVE-2006-1460 (GCVE-0-2006-1460)

Vulnerability from cvelistv5

Published

2006-05-12 20:00

Modified

2024-08-07 17:12

Severity ?

CWE

Summary

Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce/2006/May/msg00002.html	Patch
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html
cve@mitre.org	http://secunia.com/advisories/20069	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/887
cve@mitre.org	http://securitytracker.com/id?1016067	Patch
cve@mitre.org	http://secway.org/advisory/AD20060512.txt	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/433810/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/433831/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17953	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-132B.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1778	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26393
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2006/May/msg00002.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20069	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/887
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016067	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secway.org/advisory/AD20060512.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433810/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433831/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17953	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-132B.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1778	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26393

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:12:22.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20069"
          },
          {
            "name": "APPLE-SA-2006-05-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
          },
          {
            "name": "1016067",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016067"
          },
          {
            "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
          },
          {
            "name": "TA06-132B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secway.org/advisory/AD20060512.txt"
          },
          {
            "name": "quicktime-mov-bo(26393)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
          },
          {
            "name": "887",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/887"
          },
          {
            "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
          },
          {
            "name": "17953",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17953"
          },
          {
            "name": "ADV-2006-1778",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1778"
          },
          {
            "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20069"
        },
        {
          "name": "APPLE-SA-2006-05-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
        },
        {
          "name": "1016067",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016067"
        },
        {
          "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
        },
        {
          "name": "TA06-132B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secway.org/advisory/AD20060512.txt"
        },
        {
          "name": "quicktime-mov-bo(26393)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
        },
        {
          "name": "887",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/887"
        },
        {
          "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
        },
        {
          "name": "17953",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17953"
        },
        {
          "name": "ADV-2006-1778",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1778"
        },
        {
          "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20069",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20069"
            },
            {
              "name": "APPLE-SA-2006-05-11",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
            },
            {
              "name": "1016067",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016067"
            },
            {
              "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
            },
            {
              "name": "TA06-132B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
            },
            {
              "name": "http://secway.org/advisory/AD20060512.txt",
              "refsource": "MISC",
              "url": "http://secway.org/advisory/AD20060512.txt"
            },
            {
              "name": "quicktime-mov-bo(26393)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
            },
            {
              "name": "887",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/887"
            },
            {
              "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
            },
            {
              "name": "17953",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17953"
            },
            {
              "name": "ADV-2006-1778",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1778"
            },
            {
              "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1460",
    "datePublished": "2006-05-12T20:00:00",
    "dateReserved": "2006-03-28T00:00:00",
    "dateUpdated": "2024-08-07T17:12:22.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1460\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-12T20:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.4\",\"matchCriteriaId\":\"EEAFBED2-7F11-42F2-ADAF-14998633BE4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B488-129A-49EA-AF84-6077FCDBB898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758610B-3789-489E-A751-386D605E5A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B535737C-BF32-471C-B26A-588632FCC427\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2006/May/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20069\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/887\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016067\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secway.org/advisory/AD20060512.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/433810/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/433831/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17953\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-132B.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1778\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26393\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2006/May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secway.org/advisory/AD20060512.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/433810/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/433831/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-132B.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2006-1460

Vulnerability from fkie_nvd

Published

2006-05-12 20:06

Modified

2025-04-03 01:03

Severity ?

Summary

Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2006/May/msg00002.html	Patch
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html
cve@mitre.org	http://secunia.com/advisories/20069	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/887
cve@mitre.org	http://securitytracker.com/id?1016067	Patch
cve@mitre.org	http://secway.org/advisory/AD20060512.txt	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/433810/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/433831/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17953	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-132B.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1778	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26393
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2006/May/msg00002.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20069	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/887
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016067	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secway.org/advisory/AD20060512.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433810/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433831/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17953	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-132B.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1778	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26393

Impacted products

Vendor	Product	Version
apple	quicktime	*
apple	quicktime	7.0
apple	quicktime	7.0.1
apple	quicktime	7.0.2
apple	quicktime	7.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAFBED2-7F11-42F2-ADAF-14998633BE4B",
              "versionEndIncluding": "7.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom."
    }
  ],
  "id": "CVE-2006-1460",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-05-12T20:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20069"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/887"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secway.org/advisory/AD20060512.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17953"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secway.org/advisory/AD20060512.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Description

Un grand nombre de vulnérabilités a été découverte dans le logiciel QuickTime d'Apple. Ces vulnérabilités touchent tous les aspects du logiciel (lecture d'images au format JPEG, BMP ou PICT, lecture de vidéos sous différents formats, lecture de contenu Flash, etc.).

Ces nombreuses vulnérabilités peuvent être exploitées par un utilisateur mal intentionné afin d'exécuter du code malveillant à l'insu de l'utilisateur, ayant pour but de provoquer un déni de service ou une compromission totale de la machine.

Solution

Se référer au bulletin de mise à jour de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Quicktime versions 4.x, 5.x, 6.x et 7.x antérieures à la version 7.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

gsd-2006-1460

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.

Aliases

CVE-2006-1460

Aliases

CVE-2006-1460

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1460",
    "description": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.",
    "id": "GSD-2006-1460"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1460"
      ],
      "details": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.",
      "id": "GSD-2006-1460",
      "modified": "2023-12-13T01:19:55.270847Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-1460",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20069",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20069"
          },
          {
            "name": "APPLE-SA-2006-05-11",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
          },
          {
            "name": "1016067",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016067"
          },
          {
            "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
          },
          {
            "name": "TA06-132B",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
          },
          {
            "name": "http://secway.org/advisory/AD20060512.txt",
            "refsource": "MISC",
            "url": "http://secway.org/advisory/AD20060512.txt"
          },
          {
            "name": "quicktime-mov-bo(26393)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
          },
          {
            "name": "887",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/887"
          },
          {
            "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
          },
          {
            "name": "17953",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17953"
          },
          {
            "name": "ADV-2006-1778",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1778"
          },
          {
            "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1460"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2006-05-11",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
            },
            {
              "name": "17953",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/17953"
            },
            {
              "name": "1016067",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1016067"
            },
            {
              "name": "20069",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20069"
            },
            {
              "name": "http://secway.org/advisory/AD20060512.txt",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secway.org/advisory/AD20060512.txt"
            },
            {
              "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
            },
            {
              "name": "TA06-132B",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
            },
            {
              "name": "887",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/887"
            },
            {
              "name": "ADV-2006-1778",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1778"
            },
            {
              "name": "quicktime-mov-bo(26393)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
            },
            {
              "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
            },
            {
              "name": "20060512 Apple QuickTime udta ATOM Heap Overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-18T16:32Z",
      "publishedDate": "2006-05-12T20:06Z"
    }
  }
}

ghsa-8266-35h7-x8g4

Vulnerability from github

Published

2022-05-01 06:49

Modified

2022-05-01 06:49

Details

Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-12T20:06:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.",
  "id": "GHSA-8266-35h7-x8g4",
  "modified": "2022-05-01T06:49:48Z",
  "published": "2022-05-01T06:49:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1460"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045987.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20069"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/887"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016067"
    },
    {
      "type": "WEB",
      "url": "http://secway.org/advisory/AD20060512.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17953"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1778"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-200605-0219

Vulnerability from variot

Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom. Multiple integer-overflow and buffer-overflow vulnerabilities affect QuickTime. These issues affect both Mac OS X and Microsoft Windows releases of the software. Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.

For more information, please refer to the Vulnerability Notes.

II. Impact

The impacts of these vulnerabilities could allow an remote, unauthenticated attacker to execute arbitrary code or commands, and cause a denial-of-service condition. For further information, please see the Vulnerability Notes.

III.

Disable QuickTime in your web browser

An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.

Appendix A. Please send email to cert@cert.org with "TA06-132B Feedback VU#289705" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

May 12, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRGT7JH0pj593lg50AQI2Uwf/U3zGDrR8UkWK4ry6AYMS7HPMdbiF6Vmo 9gP9Luc6Kj8zzxCWhnNKNzEq2P0B1oD03WcPFaIPnwvQJGApeUDRimyhQj8RDjME yAUt/reWG7RZ0Z2w/qaiZP7pQ7SjyIUKkN2OCG8LMmGKqsiCdFXoss/Bu0yFMH11 uvgwibfvkOdRLAPmRTVWk+gJEAdw3xFySm9r92qmig6CxKi7GAIpi9Gf7MXcRsKg oG3y5f06Kiq8ACYszPKneHE7WNvLP1ewuaWmf7PHiNebAB+W5hfwA2yEh6e6PSV2 eBi5cpigfXBrsjXk4L7wYrD8UcRl7nN8iqzWpMwYJkSloUmcYL1BBg== =LsFu -----END PGP SIGNATURE----- . ______________

McAfee, Inc. McAfee Avert\x99 Labs Security Advisory Public Release Date: 2006-05-11

Apple QuickDraw/QuickTime Multiple Vulnerabilities

CVE-2006-1249, CVE-2006-1453, CVE-2006-1454, CVE-2006-1459, CVE-2006-1460, CVE-2006-1461, CVE-2006-1462, CVE-2006-1464, CVE-2006-1465

Synopsis

Apple QuickTime and Apple QuickDraw are multimedia technologies used to process image, audio and video data.

Two code execution vulnerabilities are present in QuickDraw PICT image format support.

Twenty one code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, MPEG 4, AVI, FPX and SWF. In order for an attack to succeed user interaction is required and therefore the risk factor for these issues is medium.

CVE-2006-1459

Seven integer overflow vulnerabilities are present in QuickTime MOV video format support.

CVE-2006-1460

Five buffer overflow vulnerabilities are present in QuickTime MOV video format support.

CVE-2006-1461

Two buffer overflow vulnerabilities are present in QuickTime Flash (SWF) support.

CVE-2006-1462

Three integer overflow vulnerabilities are presenting QuickTime H.264 (M4V) video format support.

CVE-2006-1464

One buffer overflow vulnerability is present in QuickTime MPEG4 (M4P) video format support.

CVE-2006-1465

One buffer overflow vulnerability is present in QuickTime AVI video format support.

Legal Notice

Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee\x92s customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes.

McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

TITLE: QuickTime Multiple Code Execution Vulnerabilities

SECUNIA ADVISORY ID: SA20069

VERIFY ADVISORY: http://secunia.com/advisories/20069/

CRITICAL: Highly critical

IMPACT: DoS, System access

WHERE:

From remote

SOFTWARE: Apple Quicktime 4.x http://secunia.com/product/7923/ Apple Quicktime 5.x http://secunia.com/product/215/ Apple Quicktime 6.x http://secunia.com/product/810/ Apple QuickTime 7.x http://secunia.com/product/5090/

DESCRIPTION: Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system.

1) An integer overflow error within the processing of JPEG images can be exploited via a specially crafted JPEG image to crash the application and potentially execute arbitrary code.

3) A boundary error within the processing of Flash movies can be exploited via a specially crafted Flash movie to crash the application and potentially execute arbitrary code.

5) A boundary error within the processing of MPEG4 movies can be exploited via a specially crafted MPEG4 movie to crash the application and potentially execute arbitrary code.

6) An integer overflow error within the processing of FlashPix images (".fpx") can be exploited via a specially crafted FlashPix image with an overly large value in the field specifying the number of data blocks in the file.

7) A boundary error within the processing of AVI movies can be exploited via a specially crafted AVI movie to crash the application and potentially execute arbitrary code.

8) Two boundary errors within the processing of PICT images can be exploited to either cause a stack-based via a PICT image with specially crafted font information or a heap-based buffer overflow via a PICT image with specially crafted image data. This can be exploited to crash the application and potentially execute arbitrary code.

9) A boundary error within the processing of BMP images can be exploited via a specially crafted BMP image to crash the application and potentially execute arbitrary code.

SOLUTION: Update to version 7.1. http://www.apple.com/support/downloads/quicktime71.html

PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) Mike Price of McAfee AVERT Labs and Sowhat of Nevis Labs. 3) Mike Price, McAfee AVERT Labs. 4) Mike Price of McAfee AVERT Labs and ATmaCA. 5) Mike Price, McAfee AVERT Labs. 6) Fang Xing of eEye Digital Security and Mike Price of McAfee AVERT Labs. 7) Mike Price, McAfee AVERT Labs. 8) Mike Price, McAfee AVERT Labs. 9) Tom Ferris

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=303752

eEye Digital Security: http://www.eeye.com/html/research/advisories/AD20060511.html

Zero Day Initiative: http://www.zerodayinitiative.com/advisories/ZDI-06-015.html

Sowhat: http://secway.org/advisory/AD20060512.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200605-0219",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mike Price ATmaCA atmaca@atmacasoft.com http://www.zerodayinitiative.com/ Sowhat smaillist@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-1460",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2006-1460",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-17568",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-1460",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200605-233",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-17568",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom. Multiple integer-overflow and buffer-overflow vulnerabilities affect QuickTime. These issues affect both Mac OS X and Microsoft Windows releases of the software. \nSuccessful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. An attacker\n   could exploit these vulnerabilities by convincing a user to access\n   a specially crafted image or media file with a vulnerable version\n   of QuickTime. Since QuickTime configures most web browsers to\n   handle QuickTime media files, an attacker could exploit these\n   vulnerabilities using a web page. \n\n   For more information, please refer to the Vulnerability Notes. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities could allow an remote,\n   unauthenticated attacker to execute arbitrary code or commands, and\n   cause a denial-of-service condition. For further information,\n   please see the Vulnerability Notes. \n\n\nIII. \n\nDisable QuickTime in your web browser\n\n   An attacker may be able to exploit this vulnerability by persuading\n   a user to access a specially crafted file with a web\n   browser. Disabling QuickTime in your web browser will defend\n   against this attack vector.  For more information, refer to the\n   Securing Your Web Browser document. \n\n\nAppendix A. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-132B Feedback VU#289705\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   May 12, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRGT7JH0pj593lg50AQI2Uwf/U3zGDrR8UkWK4ry6AYMS7HPMdbiF6Vmo\n9gP9Luc6Kj8zzxCWhnNKNzEq2P0B1oD03WcPFaIPnwvQJGApeUDRimyhQj8RDjME\nyAUt/reWG7RZ0Z2w/qaiZP7pQ7SjyIUKkN2OCG8LMmGKqsiCdFXoss/Bu0yFMH11\nuvgwibfvkOdRLAPmRTVWk+gJEAdw3xFySm9r92qmig6CxKi7GAIpi9Gf7MXcRsKg\noG3y5f06Kiq8ACYszPKneHE7WNvLP1ewuaWmf7PHiNebAB+W5hfwA2yEh6e6PSV2\neBi5cpigfXBrsjXk4L7wYrD8UcRl7nN8iqzWpMwYJkSloUmcYL1BBg==\n=LsFu\n-----END PGP SIGNATURE-----\n. ____________________________________________________________________\n\nMcAfee, Inc. \nMcAfee Avert\\x99 Labs Security Advisory\nPublic Release Date: 2006-05-11\n\nApple QuickDraw/QuickTime Multiple Vulnerabilities\n\nCVE-2006-1249, CVE-2006-1453, CVE-2006-1454, CVE-2006-1459, CVE-2006-1460, CVE-2006-1461, CVE-2006-1462, CVE-2006-1464, CVE-2006-1465\n______________________________________________________________________\n\n* Synopsis\n\nApple QuickTime and Apple QuickDraw are multimedia technologies used to process image, audio and video data. \n\nTwo code execution vulnerabilities are present in QuickDraw PICT image format support. \n\nTwenty one code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, MPEG 4, AVI, FPX and SWF. In order for an attack to succeed user interaction is required and therefore the risk factor for these issues is medium. \n\nCVE-2006-1459\n\nSeven integer overflow vulnerabilities are present in QuickTime MOV video format support. \n\nCVE-2006-1460\n\nFive buffer overflow vulnerabilities are present in QuickTime MOV video format support. \n\nCVE-2006-1461\n\nTwo buffer overflow vulnerabilities are present in QuickTime Flash (SWF) support. \n\nCVE-2006-1462\n\nThree integer overflow vulnerabilities are presenting QuickTime H.264 (M4V) video format support. \n\nCVE-2006-1464\n\nOne buffer overflow vulnerability is present in QuickTime MPEG4 (M4P) video format support. \n\nCVE-2006-1465\n\nOne buffer overflow vulnerability is present in QuickTime AVI video format support. \n\n______________________________________________________________________\n\n* Legal Notice\n\nCopyright (C) 2006 McAfee, Inc. \nThe information contained within this advisory is provided for the convenience of McAfee\\x92s customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. \n\nMcAfee, Inc. and/or its affiliated companies in the United States and/or other Countries.  All other registered and unregistered trademarks in this document are the sole property of their respective owners. \n\n______________________________________________________________________\n. \n\nTITLE:\nQuickTime Multiple Code Execution Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA20069\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/20069/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple Quicktime 4.x\nhttp://secunia.com/product/7923/\nApple Quicktime 5.x\nhttp://secunia.com/product/215/\nApple Quicktime 6.x\nhttp://secunia.com/product/810/\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in QuickTime, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\n1) An integer overflow error within the processing of JPEG images can\nbe exploited via a specially crafted JPEG image to crash the\napplication and potentially execute arbitrary code. \n\n3) A boundary error within the processing of Flash movies can be\nexploited via a specially crafted Flash movie to crash the\napplication and potentially execute arbitrary code. \n\n5) A boundary error within the processing of MPEG4 movies can be\nexploited via a specially crafted MPEG4 movie to crash the\napplication and potentially execute arbitrary code. \n\n6) An integer overflow error within the processing of FlashPix images\n(\".fpx\") can be exploited via a specially crafted FlashPix image with\nan overly large value in the field specifying the number of data\nblocks in the file. \n\n7) A boundary error within the processing of AVI movies can be\nexploited via a specially crafted AVI movie to crash the application\nand potentially execute arbitrary code. \n\n8) Two boundary errors within the processing of PICT images can be\nexploited to either cause a stack-based via a PICT image with\nspecially crafted font information or a heap-based buffer overflow\nvia a PICT image with specially crafted image data. This can be\nexploited to crash the application and potentially execute arbitrary\ncode. \n\n9) A boundary error within the processing of BMP images can be\nexploited via a specially crafted BMP image to crash the application\nand potentially execute arbitrary code. \n\nSOLUTION:\nUpdate to version 7.1. \nhttp://www.apple.com/support/downloads/quicktime71.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Reported by the vendor. \n2) Mike Price of McAfee AVERT Labs and Sowhat of Nevis Labs. \n3) Mike Price, McAfee AVERT Labs. \n4) Mike Price of McAfee AVERT Labs and ATmaCA. \n5) Mike Price, McAfee AVERT Labs. \n6) Fang Xing of eEye Digital Security and Mike Price of McAfee AVERT\nLabs. \n7) Mike Price, McAfee AVERT Labs. \n8) Mike Price, McAfee AVERT Labs. \n9) Tom Ferris\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=303752\n\neEye Digital Security:\nhttp://www.eeye.com/html/research/advisories/AD20060511.html\n\nZero Day Initiative:\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-015.html\n\nSowhat:\nhttp://secway.org/advisory/AD20060512.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-1460"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "db": "PACKETSTORM",
        "id": "46427"
      },
      {
        "db": "PACKETSTORM",
        "id": "46419"
      },
      {
        "db": "PACKETSTORM",
        "id": "46260"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-1460",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "17953",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20069",
        "trust": 1.9
      },
      {
        "db": "USCERT",
        "id": "TA06-132B",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "887",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016067",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1778",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20060512 APPLE QUICKTIME UDTA ATOM HEAP OVERFLOW",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060512 APPLE QUICKTIME UDTA ATOM HEAP OVERFLOW",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060512 APPLE QUICKDRAW/QUICKTIME MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2006-05-11",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA06-132B",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "26393",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-17568",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "46427",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "46419",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-06-015",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "46260",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "PACKETSTORM",
        "id": "46427"
      },
      {
        "db": "PACKETSTORM",
        "id": "46419"
      },
      {
        "db": "PACKETSTORM",
        "id": "46260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "id": "VAR-200605-0219",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17568"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:59:44.964000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://secway.org/advisory/ad20060512.txt"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2006/may/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/17953"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-132b.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-may/045987.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016067"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20069"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/887"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/433810/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1778"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26393"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/433831/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1778"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/433810/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/26393"
      },
      {
        "trust": 0.4,
        "url": "http://docs.info.apple.com/article.html?artnum=303752"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433850"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433810"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433828"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_7.1\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=303752\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-132b.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime71.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1461"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1464"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1453"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1462"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1465"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1460"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1249"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/quicktime71.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5090/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-06-015.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/810/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20069/"
      },
      {
        "trust": 0.1,
        "url": "http://www.eeye.com/html/research/advisories/ad20060511.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7923/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/215/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "PACKETSTORM",
        "id": "46427"
      },
      {
        "db": "PACKETSTORM",
        "id": "46419"
      },
      {
        "db": "PACKETSTORM",
        "id": "46260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "db": "BID",
        "id": "17953"
      },
      {
        "db": "PACKETSTORM",
        "id": "46427"
      },
      {
        "db": "PACKETSTORM",
        "id": "46419"
      },
      {
        "db": "PACKETSTORM",
        "id": "46260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "date": "2006-05-11T00:00:00",
        "db": "BID",
        "id": "17953"
      },
      {
        "date": "2006-05-22T00:50:08",
        "db": "PACKETSTORM",
        "id": "46427"
      },
      {
        "date": "2006-05-21T22:28:33",
        "db": "PACKETSTORM",
        "id": "46419"
      },
      {
        "date": "2006-05-17T05:39:52",
        "db": "PACKETSTORM",
        "id": "46260"
      },
      {
        "date": "2005-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      },
      {
        "date": "2006-05-12T20:06:00",
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-17568"
      },
      {
        "date": "2006-05-15T22:29:00",
        "db": "BID",
        "id": "17953"
      },
      {
        "date": "2006-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      },
      {
        "date": "2024-11-21T00:08:55.510000",
        "db": "NVD",
        "id": "CVE-2006-1460"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "46427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime QuickTime the film Multiple buffer overflow vulnerabilities",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-233"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-1460 (GCVE-0-2006-1460)

Vulnerability from cvelistv5

fkie_cve-2006-1460

Vulnerability from fkie_nvd

CERTA-2006-AVI-194

Vulnerability from certfr_avis

Description

Solution

gsd-2006-1460

Vulnerability from gsd

ghsa-8266-35h7-x8g4

Vulnerability from github

var-200605-0219

Vulnerability from variot

Tags

Sightings

Nomenclature