CVE-2007-4676
Published Nov 7, 2007
Last updated 6 years ago
Overview
- Description
- Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "04B0096B-6F3A-4193-AD0F-D328A31D087D",
"versionEndExcluding": "7.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]