Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0462 — Out-of-bounds Write in Apple MAC OS X

4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
15.6%
top 5.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple MAC OS XApple Quicktime
Timeline
PublishedJan 26
Latest updateMay 1

Description

The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

â–¶NVDapple/quicktime7.1.3
â–¶NVDapple/mac_os_x10.4.8

🔴Vulnerability Details

2
GHSA
GHSA-7rwm-m7c5-7p3g: The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7↗2022-05-01
â–¶
CVEList
CVE-2007-0462: The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7↗2007-01-26
â–¶

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX 10.4.8 - QuickDraw GetSrcBits32ARGB Remote Memory Corruption↗2007-01-23
â–¶
CVE-2007-0462 — Out-of-bounds Write in Apple MAC OS X | cvebase