CVE-2007-4675

{"id": "CVE-2007-4675", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-11-07T23:46:00.000", "references": [{"url": "http://blog.48bits.com/?p=176", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=306896", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27523", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.48bits.com/advisories/qt_pdat_heapbof.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/38545", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/483564/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26342", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018894", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3723", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38282", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la extensi\u00f3n de QuickTime VR versi\u00f3n 7.2.0.240 en QuickTime.qts en QuickTime de Apple  anterior a versi\u00f3n 7.3, permite a los atacantes remotos ejecutar los c\u00f3digos arbitrarios por medio  de un archivo de pel\u00edcula QTVR (Realidad Virtual de QuickTime) que contiene un campo de gran tama\u00f1o en el encabezado atom de un  panorama sample atom."}], "lastModified": "2018-10-26T14:05:45.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04B0096B-6F3A-4193-AD0F-D328A31D087D", "versionEndExcluding": "7.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}