| Vulnerability Name: | CCN-35356 | ||||||
| Published: | 2007-07-11 | ||||||
| Updated: | 2007-07-11 | ||||||
| Summary: | Apple QuickTime could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified memory corruption vulnerability. By persuading a victim to open a specially-crafted H.264 movie file, a remote attacker could corrupt memory and cause the victim's QuickTime application to crash or possibly execute arbitrary code on the victim's system with the privileges of the user. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or hosting it on a Web site. | ||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
| CVSS v2 Severity: | 7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C) 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: Apple Web site About the security content of QuickTime 7.2 Source: CCN Type: Apple QuickTime Web site Apple - QuickTime Source: XF Type: UNKNOWN quicktime-h264-code-execution(35356) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||