Vulnerability Name:

CVE-2006-1463 (CCN-26396)

Assigned:2006-05-11
Published:2006-05-11
Updated:2018-10-18
Summary:Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-1463

Source: CCN
Type: Apple QuickTime 7.1 Update
About the security content of the QuickTime 7.1 Update

Source: APPLE
Type: Patch
APPLE-SA-2006-05-11

Source: CCN
Type: SA20069
QuickTime Multiple Code Execution Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
20069

Source: SREASON
Type: UNKNOWN
888

Source: CCN
Type: SECTRACK ID: 1016067
Apple QuickTime Buffer Overflows in Processing JPEG/BMP/FlashPix/PICT Images and QuickTime/AVI/MPEG4/Flash Movies Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1016067

Source: BUGTRAQ
Type: UNKNOWN
20060511 ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability

Source: BID
Type: Patch
17953

Source: CCN
Type: BID-17953
Apple QuickTime Multiple Integer and Buffer Overflow Vulnerabilities

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-132B
Apple QuickTime Vulnerabilities

Source: CERT
Type: US Government Resource
TA06-132B

Source: VUPEN
Type: Vendor Advisory
ADV-2006-1778

Source: MISC
Type: Patch
http://www.zerodayinitiative.com/advisories/ZDI-06-015.html

Source: XF
Type: UNKNOWN
quicktime-h264-bo(26396)

Source: XF
Type: UNKNOWN
quicktime-h264-bo(26396)

Source: CCN
Type: ZDI-06-015
Apple QuickTime H.264 Parsing Heap Overflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple quicktime 7.0.3
    apple quicktime 7.0.4
    apple quicktime 7.0.1
    apple quicktime 7.0.3
    apple quicktime 7.0
    apple quicktime 7.0.2
    apple quicktime 7.0.4