Lucene search
Ruben Santamarta of reversemode.com and Mario Ballano of 48bits.comZDI-07-065HistoryNov 05, 2007 - 12:00 a.m.
Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability
2007-11-0500:00:00
Ruben Santamarta of reversemode.com and Mario Ballano of 48bits.com
www.zerodayinitiative.com
10
EPSS
0.801
Percentile
98.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code.
Related
nvd
nvd
CVE-2007-4677
2007-11-07 23:46:00
cert
cert
Apple QuickTime heap buffer overflow vulnerability
2007-11-15 00:00:00
prion
prion
Heap overflow
2007-11-07 23:46:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2007-4677
2007-11-07 23:46:00
cvelist
cvelist
CVE-2007-4677
2007-11-07 20:00:00
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2007-11-15 00:00:00
nessus
nessus
QuickTime < 7.3 Multiple Vulnerabilities (Windows)
2007-11-06 00:00:00
QuickTime < 7.3 Multiple Vulnerabilities (Mac OS X)
2007-11-06 00:00:00