Vulnerability Name:
CVE-2007-0711 (CCN-32814)
Assigned:
2007-03-05
Published:
2007-03-05
Updated:
2018-10-30
Summary:
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
CVSS v3 Severity:
9.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
6.9 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
7.6 High
(CCN CVSS v2 Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
)
5.6 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-189
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2007-0711
Source: CCN
Type: QuickTime 7.1.5 Update
About the security content of QuickTime 7.1.5
Source: CONFIRM
Type: Patch, Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305149
Source: APPLE
Type: Vendor Advisory
APPLE-SA-2007-03-05
Source: OSVDB
Type: UNKNOWN
33905
Source: CCN
Type: SA24359
Apple QuickTime Multiple Vulnerabilities
Source: SECUNIA
Type: Vendor Advisory
24359
Source: CCN
Type: SECTRACK ID: 1017725
QuickTime Buffer Overflows and Integer Overflows in Processing 3GP, MIDI, Quicktime movie, PICT , and QTIF Files Let Remote Users Execute Arbitrary Code
Source: CCN
Type: US-CERT VU#568689
Apple QuickTime 3GP integer overflow
Source: CERT-VN
Type: US Government Resource
VU#568689
Source: CCN
Type: OSVDB ID: 33905
Apple QuickTime Crafted 3GP Video File Unspecified Overflow
Source: BID
Type: UNKNOWN
22827
Source: CCN
Type: BID-22827
Apple QuickTime Multiple Unspecified Code Execution Vulnerabilities
Source: SECTRACK
Type: UNKNOWN
1017725
Source: CERT
Type: Patch, US Government Resource
TA07-065A
Source: VUPEN
Type: UNKNOWN
ADV-2007-0825
Source: XF
Type: UNKNOWN
quicktime-3gpvideo-overflow(32814)
Source: XF
Type: UNKNOWN
quicktime-3gpvideo-overflow(32814)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:apple:quicktime:3.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:quicktime:4.1.2:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:5.0.1:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:5.0.2:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.0.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.0.1:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.0.2:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.1.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.1.1:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.2.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.3.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.4.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5.1:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:6.5.2:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.1:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.2:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.3:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.0.4:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.0:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.1:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.2:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:7.1.3:-:windows:*:*:*:*:*
OR
cpe:/a:apple:quicktime:*:-:windows:*:*:*:*:*
(Version <= 7.1.4)
AND
cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
apple
quicktime 3.0
apple
quicktime 4.1.2 -
apple
quicktime 5.0.1 -
apple
quicktime 5.0.2 -
apple
quicktime 6.0 -
apple
quicktime 6.0.0 -
apple
quicktime 6.0.1 -
apple
quicktime 6.0.2 -
apple
quicktime 6.1.0 -
apple
quicktime 6.1.1 -
apple
quicktime 6.2.0 -
apple
quicktime 6.3.0 -
apple
quicktime 6.4.0 -
apple
quicktime 6.5.0 -
apple
quicktime 6.5.1 -
apple
quicktime 6.5.2 -
apple
quicktime 7.0 -
apple
quicktime 7.0.0 -
apple
quicktime 7.0.1 -
apple
quicktime 7.0.2 -
apple
quicktime 7.0.3 -
apple
quicktime 7.0.4 -
apple
quicktime 7.1.0 -
apple
quicktime 7.1.1 -
apple
quicktime 7.1.2 -
apple
quicktime 7.1.3 -
apple
quicktime * -
microsoft
windows *
Denotes that component is vulnerable