var-200701-0596
Vulnerability from variot

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer.

Attackers exploit this issue by coercing targeted users to access malicious HTML or QTL files or by executing malicious JavaScript code. QuickTime 7.1.3 is vulnerable to this issue; other versions may also be affected.

Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. A remote attacker can construct a URL string such as "rtsp://[any character]:[>256 bytes]" and lure the user into clicking it. The overflow occurs when the system calls QuickTime to process the URL, and any command of the attacker is executed.

                    National Cyber Alert System

             Technical Cyber Security Alert TA07-005A

Apple QuickTime RTSP Buffer Overflow

Original release date: January 05, 2007
Last revised: --
Source: US-CERT

Systems Affected

Apple QuickTime on systems running

 * Apple Mac OS X

 * Microsoft Windows

Note that Apple iTunes and other software using the vulnerable QuickTime components are also affected.

I. Public exploit code is available that demonstrates how opening a .QTL file triggers the buffer overflow. However, we have confirmed that other attack vectors for the vulnerability also exist.

Possible attack vectors include

 * a web page that uses the QuickTime plug-in or ActiveX control

 * a web page that uses the rtsp:// protocol

 * a file that is associated with the QuickTime Player

US-CERT is tracking this issue as VU#442497. This reference number corresponds to CVE-2007-0015.

Note that this vulnerability affects QuickTime on Microsoft Windows and Apple Mac platforms. Although web pages can be used as attack vectors, this vulnerability is not dependent on the specific web browser that is used.

II.

III. Solution

We are currently unaware of a solution to this problem. Until a solution becomes available, the workarounds provided in US-CERT Vulnerability Note VU#442497 are strongly encouraged.

http://www.kb.cert.org/vuls/id/442497

IV. References

 * US-CERT Vulnerability Note VU#442497 -
   <http://www.kb.cert.org/vuls/id/442497>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

 * CVE-2007-0015 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA07-005A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-005A Feedback VU#442497" in the subject.


Produced 2007 by US-CERT, a government organization.

Terms of use:

 <http://www.us-cert.gov/legal.html>

Revision History

January 05, 2007: Initial release


This can be exploited to cause a stack-based buffer overflow via a specially crafted QTL file with an overly long (more than 256 bytes) "src" parameter (e.g. "rtsp://[any character]:[>256 bytes]").

SOLUTION: Do not open untrusted QTL files.

PROVIDED AND/OR DISCOVERED BY: LMH

ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-01-01-2007.html




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200701-0596",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "db": "BID",
        "id": "21829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:quicktime",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LMH lmh@info-pull.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0015",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-0015",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-23377",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-0015",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#442497",
            "trust": 0.8,
            "value": "27.00"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-0015",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-001",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-23377",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer. \nAttackers exploit this issue by coercing targeted users to access malicious HTML or QTL files or by executing malicious JavaScript code. \nQuickTime 7.1.3 is vulnerable to this issue; other versions may also be affected. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. A remote attacker can construct something like \\\"rtsp://[any character]:[ \u003e 256 bytes] The URL string of \\\" lures the user to click, and the overflow occurs when the system calls QuickTime processing, and any command of the attacker is executed. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                        National Cyber Alert System\n\n                 Technical Cyber Security Alert TA07-005A\n\n\nApple QuickTime RTSP Buffer Overflow\n\n   Original release date: January 05, 2007\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n   Apple QuickTime on systems running\n\n     * Apple Mac OS X\n\n     * Microsoft Windows\n\n   Note that Apple iTunes and other software using the vulnerable\n   QuickTime components are also affected. \n\n\nI. Public\n   exploit code is available that demonstrates how opening a .QTL file\n   triggers the buffer overflow. However, we have confirmed that other\n   attack vectors for the vulnerability also exist. \n\n   Possible attack vectors include\n\n     * a web page that uses the QuickTime plug-in or ActiveX control\n\n     * a web page that uses the rtsp:// protocol\n\n     * a file that is associated with the QuickTime Player\n\n   US-CERT is tracking this issue as VU#442497. This reference number\n   corresponds to CVE-2007-0015. 
\n\n   Note that this vulnerability affects QuickTime on Microsoft Windows\n   and Apple Mac platforms. Although web pages can be used as attack\n   vectors, this vulnerability is not dependent on the specific web\n   browser that is used. \n\n\nII. \n\n\nIII. Solution\n\n   We are currently unaware of a solution to this problem. Until a\n   solution becomes available, the workarounds provided in US-CERT\n   Vulnerability Note VU#442497 are strongly encouraged. \n\n   \u003chttp://www.kb.cert.org/vuls/id/442497\u003e\n\n\nIV. References\n\n     * US-CERT Vulnerability Note VU#442497 -\n       \u003chttp://www.kb.cert.org/vuls/id/442497\u003e\n\n     * Securing Your Web Browser -\n       \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n     * CVE-2007-0015 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015\u003e\n\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA07-005A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA07-005A Feedback VU#442497\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. 
\n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   January 05, 2007: Initial release\n\n\n\n\n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. This can be exploited to cause a stack-based buffer\noverflow via a specially crafted QTL file with an overly long (more\nthan 256 bytes) \"src\" parameter (e.g. \"rtsp://[any character]:[\u003e256\nbytes]\"). \n\nSOLUTION:\nDo not open untrusted QTL files. \n\nPROVIDED AND/OR DISCOVERED BY:\nLMH\n\nORIGINAL ADVISORY:\nhttp://projects.info-pull.com/moab/MOAB-01-01-2007.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0015"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "db": "BID",
        "id": "21829"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23377"
      },
      {
        "db": "PACKETSTORM",
        "id": "53507"
      },
      {
        "db": "PACKETSTORM",
        "id": "53358"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-23377",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23377"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "21829",
        "trust": 3.6
      },
      {
        "db": "SECUNIA",
        "id": "23540",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#442497",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0015",
        "trust": 2.9
      },
      {
        "db": "USCERT",
        "id": "TA07-005A",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1017461",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "31023",
        "trust": 2.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "3064",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0001",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "31203",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001",
        "trust": 0.7
      },
      {
        "db": "MILW0RM",
        "id": "3064",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA07-005A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-01-23",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "53507",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "53412",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82966",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "3072",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16527",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71041",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-23377",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53358",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23377"
      },
      {
        "db": "BID",
        "id": "21829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "db": "PACKETSTORM",
        "id": "53507"
      },
      {
        "db": "PACKETSTORM",
        "id": "53358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "id": "VAR-200701-0596",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23377"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:39:54.051000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2007-001 (Panther)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/securityupdate2007001panther.html"
      },
      {
        "title": "Security Update 2007-001 (Universal)",
        "trust": 0.8,
        "url": "http://www.apple.com/support/downloads/securityupdate2007001universal.html"
      },
      {
        "title": "Security Update 2007-001",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304989-en"
      },
      {
        "title": "Security Update 2007-001",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304989-ja"
      },
      {
        "title": "\u30a2\u30c3\u30d7\u30eb - QuickTime",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/quicktime/"
      },
      {
        "title": "Security Update 2007-001 (Universal)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/securityupdate2007001universal.html"
      },
      {
        "title": "Security Update 2007-001 (Panther)",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ftp-info/reference/securityupdate2007001panther.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304989"
      },
      {
        "trust": 2.6,
        "url": "http://projects.info-pull.com/moab/moab-01-01-2007.html"
      },
      {
        "trust": 2.5,
        "url": "http://lists.apple.com/archives/security-announce/2007/jan/msg00000.html"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/blog/7/"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/21829"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-005a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/442497"
      },
      {
        "trust": 2.5,
        "url": "http://www.osvdb.org/31023"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1017461"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/23540"
      },
      {
        "trust": 1.7,
        "url": "http://isc.sans.org/diary.html?storyid=2094"
      },
      {
        "trust": 1.7,
        "url": "http://landonf.bikemonkey.org/code/macosx/moab_day_1.20070102060815.15950.zadder.local.html"
      },
      {
        "trust": 1.6,
        "url": "http://search.info.apple.com/?search=go\u0026q=2007-001"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/0001"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/31203"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/3064"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0001"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31203"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/23540/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/21829 "
      },
      {
        "trust": 0.8,
        "url": "http://plugindoc.mozdev.org/faqs/uninstall.html"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=106704"
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=304264"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0015"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2007/at070016.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-005a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23442497/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-005a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0015"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/3064"
      },
      {
        "trust": 0.6,
        "url": "http://milw0rm.com/exploits/3064"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.3,
        "url": "http://applefun.blogspot.com/2007/01/moab-01-01-2007-apple-quicktime-rtsp.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.computerdefense.org/?p=225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0015"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-005a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/442497\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0015\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5090/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23377"
      },
      {
        "db": "BID",
        "id": "21829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "db": "PACKETSTORM",
        "id": "53507"
      },
      {
        "db": "PACKETSTORM",
        "id": "53358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23377"
      },
      {
        "db": "BID",
        "id": "21829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "db": "PACKETSTORM",
        "id": "53507"
      },
      {
        "db": "PACKETSTORM",
        "id": "53358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "date": "2007-01-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23377"
      },
      {
        "date": "2007-01-01T00:00:00",
        "db": "BID",
        "id": "21829"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "date": "2007-01-13T20:37:59",
        "db": "PACKETSTORM",
        "id": "53507"
      },
      {
        "date": "2007-01-02T18:09:24",
        "db": "PACKETSTORM",
        "id": "53358"
      },
      {
        "date": "2007-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      },
      {
        "date": "2007-01-01T23:28:00",
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442497"
      },
      {
        "date": "2017-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23377"
      },
      {
        "date": "2007-11-15T00:36:00",
        "db": "BID",
        "id": "21829"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000005"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      },
      {
        "date": "2024-11-21T00:24:46.480000",
        "db": "NVD",
        "id": "CVE-2007-0015"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "53507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime RTSP buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442497"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-001"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

