CVE-2007-6238 - OpenCVE

Vendors	Products
Apple	Quicktime

Link	Resource
http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html
http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185
http://www.securityfocus.com/bid/26682
http://www.securitytracker.com/id?1019039
https://exchange.xforce.ibmcloud.com/vulnerabilities/38852

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"}, {"name": "26682", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26682"}, {"name": "quicktime-unspecified-code-execution(38852)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"}, {"name": "1019039", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019039"}, {"tags": ["x_refsource_MISC"], "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185", "refsource": "MISC", "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"}, {"name": "26682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26682"}, {"name": "quicktime-unspecified-code-execution(38852)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"}, {"name": "1019039", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019039"}, {"name": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html", "refsource": "MISC", "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6238", "datePublished": "2007-12-04T18:00:00", "dateReserved": "2007-12-04T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:7.2:*:windows_xp:*:*:*:*:*", "matchCriteriaId": "FBA37276-D6FD-42B7-AD31-00A0AC81FEF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Apple QuickTime 7.2 sobre Windows XP permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un vector de ataque desconocido, probablemente una vulnerabilidad diferente que CVE-2007-6166. NOTA: esta informaci\u00f3n est\u00e1 basada en un aviso poco completo a trav\u00e9s de una organizaci\u00f3n que vende vulnerabilidades que no se coordina con vendedores o lleva a cabo avisos con informaci\u00f3n pertinente. Un CVE se ha asignado para facilitar su seguimiento, pero los duplicados con otros CVE son dif\u00edciles de determinar. Sin embargo, la organizaci\u00f3n ha declarado que esto es diferente de CVE - 2007 - 6166."}], "id": "CVE-2007-6238", "lastModified": "2017-08-08T01:29:02.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-04T18:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"}, {"source": "cve@mitre.org", "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26682"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019039"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

JSON object

JSON object

JSON object