CVE-2007-0718

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-0718
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://docs.info.apple.com/article.html?artnum=305149 Patch Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html Vendor Advisory
http://secunia.com/advisories/24359 Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/313225 US Government Resource
http://www.securityfocus.com/archive/1/462012/100/0/threaded
http://www.securityfocus.com/bid/22827
http://www.securityfocus.com/bid/22839
http://www.securitytracker.com/id?1017725 Patch
http://www.us-cert.gov/cas/techalerts/TA07-065A.html US Government Resource
http://www.vupen.com/english/advisories/2007/0825 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
http://docs.info.apple.com/article.html?artnum=305149 Patch Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html Vendor Advisory
http://secunia.com/advisories/24359 Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/313225 US Government Resource
http://www.securityfocus.com/archive/1/462012/100/0/threaded
http://www.securityfocus.com/bid/22827
http://www.securityfocus.com/bid/22839
http://www.securitytracker.com/id?1017725 Patch
http://www.us-cert.gov/cas/techalerts/TA07-065A.html US Government Resource
http://www.vupen.com/english/advisories/2007/0825 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*
History

21 Nov 2024, 00:26

Type Values Removed Values Added
References () http://docs.info.apple.com/article.html?artnum=305149 - Patch, Vendor Advisory () http://docs.info.apple.com/article.html?artnum=305149 - Patch, Vendor Advisory
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486 -
References () http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html - Vendor Advisory () http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html - Vendor Advisory
References () http://secunia.com/advisories/24359 - Patch, Vendor Advisory () http://secunia.com/advisories/24359 - Patch, Vendor Advisory
References () http://www.kb.cert.org/vuls/id/313225 - US Government Resource () http://www.kb.cert.org/vuls/id/313225 - US Government Resource
References () http://www.securityfocus.com/archive/1/462012/100/0/threaded - () http://www.securityfocus.com/archive/1/462012/100/0/threaded -
References () http://www.securityfocus.com/bid/22827 - () http://www.securityfocus.com/bid/22827 -
References () http://www.securityfocus.com/bid/22839 - () http://www.securityfocus.com/bid/22839 -
References () http://www.securitytracker.com/id?1017725 - Patch () http://www.securitytracker.com/id?1017725 - Patch
References () http://www.us-cert.gov/cas/techalerts/TA07-065A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-065A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2007/0825 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/0825 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/32826 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/32826 -
Information

Published : 2007-03-05 22:19

Updated : 2024-11-21 00:26

NVD link : CVE-2007-0718

Mitre link : CVE-2007-0718

CVE.ORG link : CVE-2007-0718

JSON object : View

Products Affected

apple

  • quicktime
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024