| Vulnerability Name: | CCN-38280 | ||||||
| Published: | 2007-11-05 | ||||||
| Updated: | 2007-11-05 | ||||||
| Summary: | Apple QuickTime is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing the PackBitsRgn opcodes. By persuading a victim to open a specially-crafted PICT file, a remote attacker could cause the victim's QuickTime application to crash or possibly execute arbitrary code on the victim's system with the privileges of the victim. An attacker could exploit this vulnerability by sending the malicious file as an email attachment or hosting it on a Web site. | ||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
| CVSS v2 Severity: | 9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: Apple Web site About the security content of QuickTime 7.3 Source: CCN Type: SA27523 Apple QuickTime Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1018894 QuickTime Movie/PICT/QTVR/Java Bugs Let Remote Users Execute Arbitrary Code Source: CCN Type: Apple QuickTime Web site Apple - QuickTime Source: CCN Type: US-CERT VU#690515 Apple QuickTime buffer overflow vulnerability Source: CCN Type: BID-26345 Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN quicktime-packbitsrgn-bo(38280) Source: CCN Type: ZDI-07-066 Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||