CVE-2007-2394 - OpenCVE

Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Quicktime

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*

OR	cpe:2.3:a:apple:quicktime:-:::::::*
	cpe:2.3:a:apple:quicktime:7.0:::::::*
	cpe:2.3:a:apple:quicktime:7.0.1:::::::*
	cpe:2.3:a:apple:quicktime:7.0.2:::::::*
	cpe:2.3:a:apple:quicktime:7.0.3:::::::*
	cpe:2.3:a:apple:quicktime:7.0.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.2:::::::*
	cpe:2.3:a:apple:quicktime:7.1.3:::::::*
	cpe:2.3:a:apple:quicktime:7.1.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1.5:::::::*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=305947
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556	Patch
http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html	Patch
http://osvdb.org/36134
http://secunia.com/advisories/26034	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/473882/100/100/threaded
http://www.securityfocus.com/bid/24873
http://www.securitytracker.com/id?1018373
http://www.us-cert.gov/cas/techalerts/TA07-193A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/2510
https://exchange.xforce.ibmcloud.com/vulnerabilities/35357

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-15T21:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2394

JSON object: View

NVD Information

Status : Modified

Published: 2007-07-15T21:30:00.000

Modified: 2018-10-30T16:25:17.590

Link: CVE-2007-2394

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26034", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26034"}, {"name": "quicktime-smil-overflow(35357)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}, {"name": "1018373", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "24873", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24873"}, {"name": "20070717 Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "36134", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36134"}, {"name": "20070711 Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2394", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26034", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26034"}, {"name": "quicktime-smil-overflow(35357)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}, {"name": "1018373", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "24873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24873"}, {"name": "20070717 Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"name": "http://docs.info.apple.com/article.html?artnum=305947", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "36134", "refsource": "OSVDB", "url": "http://osvdb.org/36134"}, {"name": "20070711 Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2394", "datePublished": "2007-07-15T21:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EE08FAE-0862-4C36-95BC-878B04CBF397", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation."}, {"lang": "es", "value": "Desbordamiento de entero en Apple Quicktime anterior a 7.2 en Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante los campos (1) title y (2) author modificados artesanalmente en un fichero SMIL, relacionado con c\u00e1lculos indebidos para reserva de memoria."}], "id": "CVE-2007-2394", "lastModified": "2018-10-30T16:25:17.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-15T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36134"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26034"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24873"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018373"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}