CVE-2007-4676 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2007-4676?

CVE-2007-4676 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-4676?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.

Vulnerability Description

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Quicktime	< 7.3
Apple	Mac Os X	10.3.9
Microsoft	Windows Vista	-
Microsoft	Windows Xp	-

Related Weaknesses (CWE)

CWE-119

References

http://docs.info.apple.com/article.html?artnum=306896Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.htmlVendor Advisory
http://osvdb.org/38546Broken Link
http://secunia.com/advisories/27523Third Party Advisory
http://securityreason.com/securityalert/3351Third Party Advisory
http://www.kb.cert.org/vuls/id/690515Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/archive/1/483311/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/483313/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/26345Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018894Third Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-310A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2007/3723Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-066.htmlThird Party AdvisoryVDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-07-067.htmlThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38280Third Party AdvisoryVDB Entry

FAQ

What is CVE-2007-4676?

CVE-2007-4676 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn...

How severe is CVE-2007-4676?

CVE-2007-4676 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4676?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.