Heap-based Buffer Overflow in Apple QuickTime Software
CVE-2007-4676

Currently unrated

Key Information:

Vendor: Apple
Status: Mac Os X; Windows Vista; Windows Xp
Vendor: CVE Published:; 7 November 2007

Summary

A heap-based buffer overflow vulnerability exists in Apple QuickTime versions prior to 7.3. This vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted PICT image containing malformed Poly type (0x0070 to 0x0074) or PackBitsRgn field (0x0099) opcodes. When the QuickTime software parses these elements, it may lead to unintended memory corruption, enabling malicious actions and potential system compromise.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-066.html

x_refsource_MISC

http://www.us-cert.gov/cas/techalerts/TA07-310A.html

third-party-advisoryx_refsource_CERT

http://docs.info.apple.com/article.html?artnum=306896

x_refsource_CONFIRM

EPSS Score

69% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 7, 2007
Vulnerability Reserved
Sep 5, 2007