CVE-2007-4677 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2007-4677?

CVE-2007-4677 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-4677?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.

Vulnerability Description

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Quicktime	< 7.3
Apple	Mac Os X	10.3.9
Microsoft	Windows Vista	-
Microsoft	Windows Xp	-

Related Weaknesses (CWE)

CWE-119

References

http://docs.info.apple.com/article.html?artnum=306896Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.htmlVendor Advisory
http://secunia.com/advisories/27523Third Party Advisory
http://securityreason.com/securityalert/3352Third Party Advisory
http://www.kb.cert.org/vuls/id/445083Third Party AdvisoryUS Government Resource
http://www.osvdb.org/38544Broken Link
http://www.securityfocus.com/archive/1/483312/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/26338Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018894Third Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-310A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2007/3723Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-065.htmlThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38283Third Party AdvisoryVDB Entry
http://docs.info.apple.com/article.html?artnum=306896Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.htmlVendor Advisory

FAQ

What is CVE-2007-4677?

CVE-2007-4677 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, rel...

How severe is CVE-2007-4677?

CVE-2007-4677 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4677?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.