Lucene search
Ruben Santamarta of reversemode.comZDI-07-066HistoryNov 05, 2007 - 12:00 a.m.
Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability
2007-11-0500:00:00
Ruben Santamarta of reversemode.com
www.zerodayinitiative.com
22
EPSS
0.943
Percentile
99.3%
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed this can lead to code execution running under the credentials of the user.
Related
cert
cert
Apple QuickTime buffer overflow vulnerability
2007-11-13 00:00:00
nvd
nvd
CVE-2007-4676
2007-11-07 23:46:00
cve
cve
CVE-2007-4676
2007-11-07 23:46:00
prion
prion
Heap overflow
2007-11-07 23:46:00
zdi
zdi
Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability
2007-11-05 00:00:00
cvelist
cvelist
CVE-2007-4676
2007-11-07 20:00:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2007-11-15 00:00:00
nessus
nessus
QuickTime < 7.3 Multiple Vulnerabilities (Windows)
2007-11-06 00:00:00
QuickTime < 7.3 Multiple Vulnerabilities (Mac OS X)
2007-11-06 00:00:00