Vulnerabilities > CVE-2007-0754 - Buffer Overflow vulnerability in Apple QuickTime MOV File STSD Heap

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

apple

critical

nessus

NVD

Published: 2007-05-14

Updated: 2018-10-16

Summary

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie. This vulnerability is addressed in the following product release: Apple, QuickTime, 7.1.3

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Quicktime - Apple Quicktime 3 Apple Quicktime 3.0 Apple Quicktime 4.1.2 Apple Quicktime 5.0 Apple Quicktime 5.0.1 Apple Quicktime 5.0.2 Apple Quicktime 6.0 Apple Quicktime 6.0.0 Apple Quicktime 6.0.1 Apple Quicktime 6.0.2 Apple Quicktime 6.1 Apple Quicktime 6.1.0 Apple Quicktime 6.1.1 Apple Quicktime 6.2.0 Apple Quicktime 6.3.0 Apple Quicktime 6.4.0 Apple Quicktime 6.5 Apple Quicktime 6.5.0 Apple Quicktime 6.5.1 Apple Quicktime 6.5.2 Apple Quicktime 7.0 Apple Quicktime 7.0.0 Apple Quicktime 7.0.1 Apple Quicktime 7.0.2 Apple Quicktime 7.0.3 Apple Quicktime 7.0.4 Apple Quicktime 7.0.8 Apple Quicktime 7.1 Apple Quicktime 7.1.0 Apple Quicktime 7.1.1 Apple Quicktime 7.1.2	72

Nessus

NASL family	Windows
NASL id	QUICKTIME_713.NASL
description	The remote Windows host is running a version of QuickTime prior to 7.1.3. The remote version of QuickTime is vulnerable to various integer and buffer overflows involving specially crafted image and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having him open it using QuickTime player.
last seen	2020-06-01
modified	2020-06-02
plugin id	22336
published	2006-09-13
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22336
title	QuickTime < 7.1.3 Multiple Vulnerabilities (Windows)

Summary

Vulnerable Configurations

Nessus

References