CVE-2007-0102 - OpenCVE

The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Preview

Configuration 1 [-]

cpe:2.3:a:apple:preview:3.0.8:*:*:*:*:*:*:*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=305214
http://osvdb.org/31221
http://projects.info-pull.com/moab/MOAB-06-01-2007.html	Exploit
http://secunia.com/advisories/24479
http://www.securityfocus.com/bid/21910	Exploit Patch
http://www.securitytracker.com/id?1017749
http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/0930
https://exchange.xforce.ibmcloud.com/vulnerabilities/31364

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-09T00:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-01-08T00:00:00

Link: CVE-2007-0102

JSON object: View

NVD Information

Status : Modified

Published: 2007-01-09T00:28:00.000

Modified: 2017-07-29T01:29:58.687

Link: CVE-2007-0102

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-06T00:00:00", "descriptions": [{"lang": "en", "value": "The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "TA07-072A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "multiple-vendor-pdf-code-execution(31364)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31364"}, {"name": "21910", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21910"}, {"name": "31221", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/31221"}, {"name": "1017749", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017749"}, {"tags": ["x_refsource_MISC"], "url": "http://projects.info-pull.com/moab/MOAB-06-01-2007.html"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24479"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0102", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA07-072A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=305214", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "multiple-vendor-pdf-code-execution(31364)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31364"}, {"name": "21910", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21910"}, {"name": "31221", "refsource": "OSVDB", "url": "http://osvdb.org/31221"}, {"name": "1017749", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017749"}, {"name": "http://projects.info-pull.com/moab/MOAB-06-01-2007.html", "refsource": "MISC", "url": "http://projects.info-pull.com/moab/MOAB-06-01-2007.html"}, {"name": "ADV-2007-0930", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "24479", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24479"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0102", "datePublished": "2007-01-09T00:00:00", "dateReserved": "2007-01-08T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:preview:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "50DF028B-1CCC-43A3-ACCE-F4A6C650D5B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node."}, {"lang": "es", "value": "La especificaci\u00f3n de Adobe PDF 1.3, como se implementa en Apple Mac OS X Preview, permite a atacantes remotos tener un impacto desconocido, posiblemente incluyendo denegaci\u00f3n de servicio (bucle infinito), ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n, o corrupci\u00f3n de memoria, mediante un archivo PDF con un (1) diccionario de cat\u00e1logo manipulado o (2) un atributo P\u00e1ginas (Pages) manipulado que referencia a un nodo inv\u00e1lido del \u00e1rbol de p\u00e1ginas."}], "id": "CVE-2007-0102", "lastModified": "2017-07-29T01:29:58.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-09T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/31221"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://projects.info-pull.com/moab/MOAB-06-01-2007.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24479"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/21910"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017749"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31364"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}