CVE-2007-4675 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2007-4675?

CVE-2007-4675 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-4675?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.

Vulnerability Description

Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Quicktime	< 7.3
Apple	Mac Os X	10.3.9
Microsoft	Windows Vista	-
Microsoft	Windows Xp	All versions

Related Weaknesses (CWE)

CWE-119

References

http://blog.48bits.com/?p=176Third Party Advisory
http://docs.info.apple.com/article.html?artnum=306896Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620Broken Link
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.htmlPatchVendor Advisory
http://secunia.com/advisories/27523Third Party Advisory
http://www.48bits.com/advisories/qt_pdat_heapbof.pdfThird Party Advisory
http://www.osvdb.org/38545Broken Link
http://www.securityfocus.com/archive/1/483564/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/26342Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018894Third Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-310A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2007/3723Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38282Third Party AdvisoryVDB Entry
http://blog.48bits.com/?p=176Third Party Advisory
http://docs.info.apple.com/article.html?artnum=306896Vendor Advisory

FAQ

What is CVE-2007-4675?

CVE-2007-4675 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Realit...

How severe is CVE-2007-4675?

CVE-2007-4675 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4675?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.