CVE-2007-6238 - OpenCVE

Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Quicktime

Configuration 1 [-]

cpe:2.3:a:apple:quicktime:7.2:*:windows_xp:*:*:*:*:*

No data.

References

Link	Providers
http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html
http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185
http://www.securityfocus.com/bid/26682
http://www.securitytracker.com/id?1019039
https://exchange.xforce.ibmcloud.com/vulnerabilities/38852

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-04T18:00:00

Updated: 2024-08-07T16:02:34.862Z

Reserved: 2007-12-04T00:00:00

Link: CVE-2007-6238

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-12-04T18:46:00.000

Modified: 2017-08-08T01:29:02.290

Link: CVE-2007-6238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"}, {"name": "26682", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26682"}, {"name": "quicktime-unspecified-code-execution(38852)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"}, {"name": "1019039", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019039"}, {"tags": ["x_refsource_MISC"], "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185", "refsource": "MISC", "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"}, {"name": "26682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26682"}, {"name": "quicktime-unspecified-code-execution(38852)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"}, {"name": "1019039", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019039"}, {"name": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html", "refsource": "MISC", "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:34.862Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"}, {"name": "26682", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26682"}, {"name": "quicktime-unspecified-code-execution(38852)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"}, {"name": "1019039", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019039"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6238", "datePublished": "2007-12-04T18:00:00", "dateReserved": "2007-12-04T00:00:00", "dateUpdated": "2024-08-07T16:02:34.862Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:7.2:*:windows_xp:*:*:*:*:*", "matchCriteriaId": "FBA37276-D6FD-42B7-AD31-00A0AC81FEF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Apple QuickTime 7.2 sobre Windows XP permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un vector de ataque desconocido, probablemente una vulnerabilidad diferente que CVE-2007-6166. NOTA: esta informaci\u00f3n est\u00e1 basada en un aviso poco completo a trav\u00e9s de una organizaci\u00f3n que vende vulnerabilidades que no se coordina con vendedores o lleva a cabo avisos con informaci\u00f3n pertinente. Un CVE se ha asignado para facilitar su seguimiento, pero los duplicados con otros CVE son dif\u00edciles de determinar. Sin embargo, la organizaci\u00f3n ha declarado que esto es diferente de CVE - 2007 - 6166."}], "id": "CVE-2007-6238", "lastModified": "2017-08-08T01:29:02.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-04T18:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"}, {"source": "cve@mitre.org", "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26682"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019039"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}