Vulnerability Name:
CVE-2006-4389 (CCN-28938)
Assigned:
2006-09-12
Published:
2006-09-12
Updated:
2018-10-17
Summary:
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
CVSS v3 Severity:
5.6 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
5.1 Medium
(CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
3.8 Low
(Temporal CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
5.1 Medium
(CCN CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
3.8 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: CCN
Type: Full-Disclosure Mailing List, Wed Sep 13 2006 - 11:56:06 CDT
Multiple Vulnerabilities in Apple QuickTime
Source: MITRE
Type: CNA
CVE-2006-4389
Source: CCN
Type: Apple QuickTime 7.1.3 Update
About the security content of QuickTime 7.1.3
Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=304357
Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-09-12
Source: CCN
Type: SA21893
Apple QuickTime Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
21893
Source: SECUNIA
Type: UNKNOWN
29182
Source: GENTOO
Type: UNKNOWN
GLSA-200803-08
Source: SREASON
Type: UNKNOWN
1554
Source: CCN
Type: SECTRACK ID: 1016830
QuickTime Overflows in Processing H.264, QuickTime, FLC, FlashPix and SGI Files Let Remote Users Execute Arbitrary Code
Source: SECTRACK
Type: UNKNOWN
1016830
Source: CCN
Type: GLSA-200803-08
Win32 binary codecs: Multiple vulnerabilities
Source: CCN
Type: US-CERT VU#540348
Apple QuickTime fails to properly handle FlashPix files
Source: CERT-VN
Type: US Government Resource
VU#540348
Source: OSVDB
Type: UNKNOWN
28769
Source: CCN
Type: OSVDB ID: 28769
Apple QuickTime FlashPix (FPX) File Arbitrary Code Execution
Source: BUGTRAQ
Type: UNKNOWN
20060913 Multiple Vulnerabilities in Apple QuickTime
Source: BID
Type: Exploit, Patch
19976
Source: CCN
Type: BID-19976
Apple QuickTime Multiple Overflow and Exception Vulnerabilities
Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-256A
Technical Cyber Security Alert TA06-256A
Source: CERT
Type: US Government Resource
TA06-256A
Source: VUPEN
Type: UNKNOWN
ADV-2006-3577
Source: XF
Type: UNKNOWN
quicktime-flashpix-code-execution(28938)
Source: XF
Type: UNKNOWN
quicktime-flashpix-code-execution(28938)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:apple:quicktime:5.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:apple:quicktime:6.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:5.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:5.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:5.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
AND
cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
apple
quicktime 5.0.2
apple
quicktime 6.0
apple
quicktime 6.1
apple
quicktime 6.5
apple
quicktime 6.5.1
apple
quicktime 6.5.2
apple
quicktime 7.0
apple
quicktime 7.0.1
apple
quicktime 7.0.2
apple
quicktime 7.0.3
apple
quicktime 7.0.4
apple
quicktime 7.1
apple
quicktime 7.1.1
apple
quicktime 7.1.2
apple
quicktime 6.0
apple
quicktime 6.5
apple
quicktime 6.5.2
apple
quicktime 7.0.1
apple
quicktime 7.0.3
apple
quicktime 5.0
apple
quicktime 5.0.1
apple
quicktime 5.0.2
apple
quicktime 6.1
apple
quicktime 6.5.1
apple
quicktime 7.0
apple
quicktime 7.0.2
apple
quicktime 7.0.4
apple
quicktime 7.1
apple
quicktime 7.1.1
apple
quicktime 7.1.2
gentoo
linux *
Denotes that component is vulnerable