CVE-2007-4672

2007-11-0723:46:00

CWE-119

mitre

web.nvd.nist.gov

cve-2007-4672

apple quicktime

buffer overflow

remote code execution

pict image

vulnerability

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.254

Percentile

96.8%

JSON

Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.

Affected configurations

Nvd

Node

applemac_os_xMatch10.3.9

applemac_os_xMatch10.4.9

applemac_os_xMatch10.5

microsoftwindows_vista

microsoftwindows_xpsp2

AND

applequicktimeRange≤7.2

VendorProductVersionCPE
applemac_os_x10.3.9cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
applemac_os_x10.4.9cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
applemac_os_x10.5cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
applequicktime*cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.3.9	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
apple	mac_os_x	10.4.9	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
apple	mac_os_x	10.5	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::::::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
apple	quicktime	*	cpe:2.3:a:apple:quicktime::::::::