CVE-2007-0588 - Unspecified vulnerability in Apple Mac OS X and QuickTime
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
apple
nessus
Summary
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 1 |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_4_9.NASL |
description | The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs: ColorSync, CoreGraphics, Crash Reporter, CUPS, Disk Images, DS Plugins, Flash Player, GNU Tar, HFS, HID Family, ImageIO, Kernel, MySQL server, Networking, OpenSSH, Printing, QuickDraw Manager, servermgrd, SMB File Server, Software Update, sudo, WebLog |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24811 |
published | 2007-03-13 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24811 |
title | Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) |
References
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://secunia.com/advisories/24479
- http://security-protocols.com/sp-x43-advisory.php
- http://www.kb.cert.org/vuls/id/396820
- http://www.osvdb.org/33365
- http://www.securityfocus.com/bid/22228
- http://www.securitytracker.com/id?1017760
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2007/0930