CVE-2007-0754 - Buffer Overflow vulnerability in Apple QuickTime MOV File STSD Heap
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie. This vulnerability is addressed in the following product release: Apple, QuickTime, 7.1.3
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | QUICKTIME_713.NASL |
description | The remote Windows host is running a version of QuickTime prior to 7.1.3. The remote version of QuickTime is vulnerable to various integer and buffer overflows involving specially crafted image and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having him open it using QuickTime player. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22336 |
published | 2006-09-13 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22336 |
title | QuickTime < 7.1.3 Multiple Vulnerabilities (Windows) |
References
- http://docs.info.apple.com/article.html?artnum=304357
- http://dvlabs.tippingpoint.com/advisory/TPTI-07-07
- http://securityreason.com/securityalert/2703
- http://www.osvdb.org/35574
- http://www.securityfocus.com/archive/1/468305/100/0/threaded
- http://www.securityfocus.com/bid/23923
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34244