CVE-2007-2394

Published: 15/07/2007 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in Apple QuickTime prior to 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote malicious users to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.

Vulnerable Product

apple quicktime -

apple quicktime 7.1

apple quicktime 7.0

apple quicktime 7.0.1

apple quicktime 7.0.2

apple quicktime 7.1.3

apple quicktime 7.1.4

apple quicktime 7.0.3

apple quicktime 7.0.4

apple quicktime 7.1.5

apple quicktime 7.1.1

apple quicktime 7.1.2

Exploits

Apple QuickTime versions below 7.2 SMIL integer overflow proof of concept exploit ...
source: www.securityfocus.com/bid/24873/info. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities. Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Successful exploits may allow attackers to exe ...
ATTACK VECTORS: This vulnerability can be triggered by luring a target user into running a malicious SMIL file locally or via a webpage. In the latter scenario the OBJECT (IE) and/or EMBED (Firefox) tags can b ...