Vulnerability Name: | CVE-2006-4384 (CCN-28930) |
Assigned: | 2006-09-12 |
Published: | 2006-09-12 |
Updated: | 2018-10-17 |
Summary: | Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. This vulnerability is addressed in the following product release:
Apple, QuickTime Player, 7.1.3
|
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): Low |
|
CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: BugTraq Mailing List, Fri Sep 15 2006 - 11:07:11 CDT [Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow
Source: CCN Type: Full-Disclosure Mailing List, Wed Sep 13 2006 - 11:56:06 CDT Multiple Vulnerabilities in Apple QuickTime
Source: MITRE Type: CNA CVE-2006-4384
Source: CCN Type: Apple QuickTime 7.1.3 Update About the security content of QuickTime 7.1.3
Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=304357
Source: APPLE Type: Patch APPLE-SA-2006-09-12
Source: CCN Type: SA21893 Apple QuickTime Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 21893
Source: SECUNIA Type: UNKNOWN 29182
Source: GENTOO Type: UNKNOWN GLSA-200803-08
Source: SREASON Type: UNKNOWN 1554
Source: CCN Type: SECTRACK ID: 1016830 QuickTime Overflows in Processing H.264, QuickTime, FLC, FlashPix and SGI Files Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016830
Source: CCN Type: GLSA-200803-08 Win32 binary codecs: Multiple vulnerabilities
Source: IDEFENSE Type: Patch, Vendor Advisory 20060912 Apple QuickTime FLIC File Heap Overflow Vulnerability
Source: CCN Type: US-CERT VU#489836 Apple QuickTime fails to properly handle FLC movies
Source: CERT-VN Type: US Government Resource VU#489836
Source: OSVDB Type: UNKNOWN 28771
Source: CCN Type: OSVDB ID: 28771 Apple QuickTime FLC Movie COLOR_64 Chunk Overflow
Source: MISC Type: UNKNOWN http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=24
Source: MISC Type: UNKNOWN http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=25
Source: BUGTRAQ Type: UNKNOWN 20060913 Multiple Vulnerabilities in Apple QuickTime
Source: BUGTRAQ Type: UNKNOWN 20060915 [Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow
Source: BID Type: Exploit, Patch 19976
Source: CCN Type: BID-19976 Apple QuickTime Multiple Overflow and Exception Vulnerabilities
Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-256A Technical Cyber Security Alert TA06-256A
Source: VUPEN Type: UNKNOWN ADV-2006-3577
Source: XF Type: UNKNOWN quicktime-flic-bo(28930)
Source: XF Type: UNKNOWN quicktime-flic-buffer-overflow(28930)
Source: CCN Type: iDEFENSE ADVISORY: 09.12.06 Apple QuickTime FLIC File Heap Overflow Vulnerability
|
Vulnerable Configuration: | Configuration 1: cpe:/a:apple:quicktime:5.0:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:5.0.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:5.0.2:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:6.0:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:6.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:6.5:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:6.5.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:6.5.2:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*OR cpe:/a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0:*:windows:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:*:*:*:*:*:*:*:* (Version <= 7.1.2) Configuration CCN 1: cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:*OR cpe:/a:apple:quicktime:7.1.2:*:*:*:*:*:*:*AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
Denotes that component is vulnerable |
BACK |