Vulnerability Name:

CVE-2007-4707 (CCN-39030)

Assigned:2007-12-13
Published:2007-12-13
Updated:2017-07-29
Summary:Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-4707

Source: CCN
Type: Apple Web site
About the security content of QuickTime 7.3.1

Source: MISC
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307176

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-12-13

Source: CCN
Type: SA28092
Apple QuickTime Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
28092

Source: CCN
Type: SECTRACK ID: 1019099
QuickTime QTL File and Flash Media Bugs Let Remote Users Execute Arbitrary Code

Source: CCN
Type: OSVDB ID: 40884
Apple QuickTime Flash Media Handler QT Movie Handling Multiple Unspecified Overflows

Source: BID
Type: UNKNOWN
26866

Source: CCN
Type: BID-26866
Apple QuickTime Flash Media Player Multiple Unspecified Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019099

Source: VUPEN
Type: UNKNOWN
ADV-2007-4217

Source: XF
Type: UNKNOWN
quicktime-flash-media-code-execution(39030)

Source: XF
Type: UNKNOWN
quicktime-flash-media-code-execution(39030)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:quicktime:*:*:*:*:*:*:*:* (Version <= 7.3)

    • Configuration CCN 1:
  • cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple quicktime *
    apple quicktime 7.0.1
    apple quicktime 7.0.3
    apple quicktime 7.1.3
    apple quicktime 7.2
    apple quicktime 7.3
    apple quicktime 7.0
    apple quicktime 7.0.2
    apple quicktime 7.0.4
    apple quicktime 7.1
    apple quicktime 7.1.1
    apple quicktime 7.1.2
    apple quicktime 7.1.4
    apple quicktime 7.1.5
    apple quicktime 7.1.6
    microsoft windows xp sp2
    apple mac os x 10.3.9
    microsoft windows vista *
    apple mac os x 10.4.9
    apple mac os x 10.5