CVE-2007-4675 - OpenCVE

Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Quicktime
Microsoft	Windows Vista Windows Xp

Configuration 1 [-]

AND

cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.10:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
	cpe:2.3:o:microsoft:windows_vista:-:::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

No data.

References

Link	Providers
http://blog.48bits.com/?p=176
http://docs.info.apple.com/article.html?artnum=306896
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html
http://secunia.com/advisories/27523
http://www.48bits.com/advisories/qt_pdat_heapbof.pdf
http://www.osvdb.org/38545
http://www.securityfocus.com/archive/1/483564/100/0/threaded
http://www.securityfocus.com/bid/26342
http://www.securitytracker.com/id?1018894
http://www.us-cert.gov/cas/techalerts/TA07-310A.html
http://www.vupen.com/english/advisories/2007/3723
https://exchange.xforce.ibmcloud.com/vulnerabilities/38282

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-07T20:00:00

Updated: 2024-08-07T15:01:09.945Z

Reserved: 2007-09-05T00:00:00

Link: CVE-2007-4675

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-11-07T23:46:00.000

Modified: 2018-10-26T14:05:45.220

Link: CVE-2007-4675

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "TA07-310A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"}, {"name": "26342", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26342"}, {"tags": ["x_refsource_MISC"], "url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306896"}, {"name": "20071105 Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620"}, {"name": "20071110 [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded"}, {"name": "38545", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/38545"}, {"name": "quicktime-qtvr-bo(38282)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282"}, {"name": "APPLE-SA-2007-11-05", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.48bits.com/?p=176"}, {"name": "27523", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27523"}, {"name": "1018894", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018894"}, {"name": "ADV-2007-3723", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3723"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4675", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA07-310A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"}, {"name": "26342", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26342"}, {"name": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf", "refsource": "MISC", "url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf"}, {"name": "http://docs.info.apple.com/article.html?artnum=306896", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306896"}, {"name": "20071105 Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620"}, {"name": "20071110 [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded"}, {"name": "38545", "refsource": "OSVDB", "url": "http://www.osvdb.org/38545"}, {"name": "quicktime-qtvr-bo(38282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282"}, {"name": "APPLE-SA-2007-11-05", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"}, {"name": "http://blog.48bits.com/?p=176", "refsource": "MISC", "url": "http://blog.48bits.com/?p=176"}, {"name": "27523", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27523"}, {"name": "1018894", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018894"}, {"name": "ADV-2007-3723", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3723"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.945Z"}, "title": "CVE Program Container", "references": [{"name": "TA07-310A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"}, {"name": "26342", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26342"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=306896"}, {"name": "20071105 Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620"}, {"name": "20071110 [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded"}, {"name": "38545", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/38545"}, {"name": "quicktime-qtvr-bo(38282)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282"}, {"name": "APPLE-SA-2007-11-05", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.48bits.com/?p=176"}, {"name": "27523", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27523"}, {"name": "1018894", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018894"}, {"name": "ADV-2007-3723", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3723"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4675", "datePublished": "2007-11-07T20:00:00", "dateReserved": "2007-09-05T00:00:00", "dateUpdated": "2024-08-07T15:01:09.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "matchCriteriaId": "04B0096B-6F3A-4193-AD0F-D328A31D087D", "versionEndExcluding": "7.3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la extensi\u00f3n de QuickTime VR versi\u00f3n 7.2.0.240 en QuickTime.qts en QuickTime de Apple anterior a versi\u00f3n 7.3, permite a los atacantes remotos ejecutar los c\u00f3digos arbitrarios por medio de un archivo de pel\u00edcula QTVR (Realidad Virtual de QuickTime) que contiene un campo de gran tama\u00f1o en el encabezado atom de un panorama sample atom."}], "id": "CVE-2007-4675", "lastModified": "2018-10-26T14:05:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-11-07T23:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://blog.48bits.com/?p=176"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=306896"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/27523"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/38545"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/26342"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1018894"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3723"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}