CVE-2007-4676
Published 2007-11-07
Priority: P3 | 55 | critical | 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 46.66% (98.7th percentile)
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://docs.info.apple.com/article.html?artnum=306896
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html
http://osvdb.org/38546
http://secunia.com/advisories/27523
http://securityreason.com/securityalert/3351
http://www.kb.cert.org/vuls/id/690515
http://www.securityfocus.com/archive/1/483311/100/0/threaded
http://www.securityfocus.com/archive/1/483313/100/0/threaded
http://www.securityfocus.com/bid/26345
http://www.securitytracker.com/id?1018894
http://www.us-cert.gov/cas/techalerts/TA07-310A.html
http://www.vupen.com/english/advisories/2007/3723
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/38280
https://exchange.xforce.ibmcloud.com/vulnerabilities/38281
2007-11-07
Published