CVE-2007-4675 - OpenCVE

Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Quicktime
Microsoft	Windows Xp Windows Vista

Configuration 1 [-]

AND

cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.10:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
	cpe:2.3:o:microsoft:windows_vista:-:::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

References

Link	Resource
http://blog.48bits.com/?p=176	Third Party Advisory
http://docs.info.apple.com/article.html?artnum=306896	Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620	Broken Link
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html	Patch Vendor Advisory
http://secunia.com/advisories/27523	Third Party Advisory
http://www.48bits.com/advisories/qt_pdat_heapbof.pdf	Third Party Advisory
http://www.osvdb.org/38545	Broken Link
http://www.securityfocus.com/archive/1/483564/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/26342	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018894	Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-310A.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/3723	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38282	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-07T20:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-09-05T00:00:00

Link: CVE-2007-4675

JSON object: View

NVD Information

Status : Analyzed

Published: 2007-11-07T23:46:00.000

Modified: 2018-10-26T14:05:45.220

Link: CVE-2007-4675

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "TA07-310A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"}, {"name": "26342", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26342"}, {"tags": ["x_refsource_MISC"], "url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306896"}, {"name": "20071105 Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620"}, {"name": "20071110 [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded"}, {"name": "38545", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/38545"}, {"name": "quicktime-qtvr-bo(38282)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282"}, {"name": "APPLE-SA-2007-11-05", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.48bits.com/?p=176"}, {"name": "27523", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27523"}, {"name": "1018894", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018894"}, {"name": "ADV-2007-3723", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3723"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4675", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA07-310A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"}, {"name": "26342", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26342"}, {"name": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf", "refsource": "MISC", "url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf"}, {"name": "http://docs.info.apple.com/article.html?artnum=306896", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306896"}, {"name": "20071105 Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620"}, {"name": "20071110 [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded"}, {"name": "38545", "refsource": "OSVDB", "url": "http://www.osvdb.org/38545"}, {"name": "quicktime-qtvr-bo(38282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282"}, {"name": "APPLE-SA-2007-11-05", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"}, {"name": "http://blog.48bits.com/?p=176", "refsource": "MISC", "url": "http://blog.48bits.com/?p=176"}, {"name": "27523", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27523"}, {"name": "1018894", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018894"}, {"name": "ADV-2007-3723", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3723"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4675", "datePublished": "2007-11-07T20:00:00", "dateReserved": "2007-09-05T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "matchCriteriaId": "04B0096B-6F3A-4193-AD0F-D328A31D087D", "versionEndExcluding": "7.3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la extensi\u00f3n de QuickTime VR versi\u00f3n 7.2.0.240 en QuickTime.qts en QuickTime de Apple anterior a versi\u00f3n 7.3, permite a los atacantes remotos ejecutar los c\u00f3digos arbitrarios por medio de un archivo de pel\u00edcula QTVR (Realidad Virtual de QuickTime) que contiene un campo de gran tama\u00f1o en el encabezado atom de un panorama sample atom."}], "id": "CVE-2007-4675", "lastModified": "2018-10-26T14:05:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-11-07T23:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://blog.48bits.com/?p=176"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=306896"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/27523"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/38545"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/26342"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1018894"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3723"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}