CVE-2007-2394 - Vulnerability Details - OpenCVE

Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Quicktime

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*

OR	cpe:2.3:a:apple:quicktime:-:::::::*
	cpe:2.3:a:apple:quicktime:7.0:::::::*
	cpe:2.3:a:apple:quicktime:7.0.1:::::::*
	cpe:2.3:a:apple:quicktime:7.0.2:::::::*
	cpe:2.3:a:apple:quicktime:7.0.3:::::::*
	cpe:2.3:a:apple:quicktime:7.0.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.2:::::::*
	cpe:2.3:a:apple:quicktime:7.1.3:::::::*
	cpe:2.3:a:apple:quicktime:7.1.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1.5:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=305947
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html
http://osvdb.org/36134
http://secunia.com/advisories/26034
http://www.securityfocus.com/archive/1/473882/100/100/threaded
http://www.securityfocus.com/bid/24873
http://www.securitytracker.com/id?1018373
http://www.us-cert.gov/cas/techalerts/TA07-193A.html
http://www.vupen.com/english/advisories/2007/2510
https://exchange.xforce.ibmcloud.com/vulnerabilities/35357

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-15T21:00:00

Updated: 2024-08-07T13:33:28.635Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2394

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-15T21:30:00.000

Modified: 2024-11-21T00:30:40.770

Link: CVE-2007-2394

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26034", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26034"}, {"name": "quicktime-smil-overflow(35357)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}, {"name": "1018373", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "24873", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24873"}, {"name": "20070717 Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "36134", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36134"}, {"name": "20070711 Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2394", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26034", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26034"}, {"name": "quicktime-smil-overflow(35357)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}, {"name": "1018373", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "24873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24873"}, {"name": "20070717 Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"name": "http://docs.info.apple.com/article.html?artnum=305947", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "36134", "refsource": "OSVDB", "url": "http://osvdb.org/36134"}, {"name": "20070711 Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.635Z"}, "title": "CVE Program Container", "references": [{"name": "26034", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26034"}, {"name": "quicktime-smil-overflow(35357)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}, {"name": "1018373", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "24873", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24873"}, {"name": "20070717 Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "36134", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36134"}, {"name": "20070711 Apple QuickTime SMIL File Processing Integer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2394", "datePublished": "2007-07-15T21:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.635Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EE08FAE-0862-4C36-95BC-878B04CBF397", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation."}, {"lang": "es", "value": "Desbordamiento de entero en Apple Quicktime anterior a 7.2 en Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante los campos (1) title y (2) author modificados artesanalmente en un fichero SMIL, relacionado con c\u00e1lculos indebidos para reserva de memoria."}], "id": "CVE-2007-2394", "lastModified": "2024-11-21T00:30:40.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-15T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36134"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26034"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24873"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018373"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/473882/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35357"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}