Lucene search
Ruben Santamarta of reversemode.comZDI-07-067HistoryNov 05, 2007 - 12:00 a.m.
Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability
2007-11-0500:00:00
Ruben Santamarta of reversemode.com
www.zerodayinitiative.com
8
EPSS
0.943
Percentile
99.3%
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure heap corruption occurs. If properly constructed this can lead to code execution.
Related
cve
cve
CVE-2007-4676
2007-11-07 23:46:00
zdi
zdi
Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability
2007-11-05 00:00:00
cert
cert
Apple QuickTime buffer overflow vulnerability
2007-11-13 00:00:00
nvd
nvd
CVE-2007-4676
2007-11-07 23:46:00
prion
prion
Heap overflow
2007-11-07 23:46:00
cvelist
cvelist
CVE-2007-4676
2007-11-07 20:00:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
Apple QuickTime multiple security vulnerabilities
2007-11-15 00:00:00
nessus
nessus
QuickTime < 7.3 Multiple Vulnerabilities (Windows)
2007-11-06 00:00:00
QuickTime < 7.3 Multiple Vulnerabilities (Mac OS X)
2007-11-06 00:00:00