CVE-2007-4676

Currently unrated

Key Information:

Vendor: Apple
Status: Mac Os X; Windows Vista; Windows Xp
Vendor: CVE Published:; 7 November 2007

Summary

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-066.html

x_refsource_MISC

http://www.us-cert.gov/cas/techalerts/TA07-310A.html

third-party-advisoryx_refsource_CERT

http://docs.info.apple.com/article.html?artnum=306896

x_refsource_CONFIRM

EPSS Score

94% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 7, 2007
Vulnerability Reserved
Sep 5, 2007