CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2007 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6261 189 DoS Overflow 2007-12-05 2008-09-05
4.9
None Local Low Not required None None Complete
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
2 CVE-2007-6166 119 2 Exec Code Overflow 2007-11-28 2011-08-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
3 CVE-2007-5850 119 Exec Code Overflow 2007-12-19 2008-09-05
8.8
None Remote Medium Not required Complete Complete None
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
4 CVE-2007-5848 119 Exec Code Overflow 2007-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
5 CVE-2007-5450 119 1 DoS Overflow 2007-10-14 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
6 CVE-2007-4812 119 DoS Overflow 2007-09-11 2009-02-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.
7 CVE-2007-4707 119 Exec Code Overflow 2007-12-14 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
8 CVE-2007-4706 119 Exec Code Overflow 2007-12-14 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.
9 CVE-2007-4684 119 Exec Code Overflow 2007-11-14 2011-10-11
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
10 CVE-2007-4682 119 DoS Exec Code Overflow 2007-11-14 2013-01-03
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
11 CVE-2007-4681 119 DoS Exec Code Overflow 2007-11-14 2013-01-03
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
12 CVE-2007-4677 119 Exec Code Overflow 2007-11-07 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
13 CVE-2007-4676 119 Exec Code Overflow 2007-11-07 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
14 CVE-2007-4675 119 Exec Code Overflow 2007-11-07 2011-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
15 CVE-2007-4674 189 Exec Code Overflow 2007-11-27 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
16 CVE-2007-4672 119 Exec Code Overflow 2007-11-07 2008-11-15
7.6
Admin Remote High Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.
17 CVE-2007-4269 189 Exec Code Overflow 2007-11-14 2012-02-29
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.
18 CVE-2007-4268 189 Exec Code Overflow 2007-11-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.
19 CVE-2007-4267 119 Exec Code Overflow 2007-11-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.
20 CVE-2007-3944 119 Exec Code Overflow 2007-07-23 2011-04-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
21 CVE-2007-3876 119 1 Exec Code Overflow 2007-12-19 2008-09-05
6.6
None Local Low Not required Complete Complete None
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.
22 CVE-2007-3752 119 DoS Exec Code Overflow 2007-09-06 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
23 CVE-2007-3750 119 Exec Code Overflow 2007-11-07 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
24 CVE-2007-3748 Exec Code Overflow 2007-08-03 2008-09-05
5.4
User Local Network Medium Not required Partial Partial Partial
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
25 CVE-2007-3744 119 Exec Code Overflow 2007-08-03 2008-09-05
5.8
User Local Network Low Not required Partial Partial Partial
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
26 CVE-2007-3743 119 DoS Exec Code Overflow 2007-08-03 2012-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.
27 CVE-2007-3376 DoS Exec Code Overflow 2007-06-25 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
28 CVE-2007-2394 Exec Code Overflow 2007-07-15 2013-07-06
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
29 CVE-2007-2390 DoS Exec Code Overflow 2007-05-24 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
30 CVE-2007-2386 DoS Exec Code Overflow 2007-05-24 2008-09-05
9.4
None Remote Low Not required Complete None Complete
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
31 CVE-2007-2296 189 Exec Code Overflow 2007-04-26 2011-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.
32 CVE-2007-2295 119 Exec Code Overflow 2007-04-26 2011-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
33 CVE-2007-1071 DoS Exec Code Overflow 2007-02-22 2008-09-05
7.8
None Remote Low Not required None None Complete
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
34 CVE-2007-0754 Exec Code Overflow 2007-05-14 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
35 CVE-2007-0750 DoS Exec Code Overflow 2007-05-24 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
36 CVE-2007-0749 Exec Code Overflow 2007-05-13 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
37 CVE-2007-0748 Exec Code Overflow 2007-05-13 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
38 CVE-2007-0746 Exec Code Overflow 2007-04-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
39 CVE-2007-0741 Exec Code Overflow 2007-04-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.
40 CVE-2007-0736 Exec Code Overflow 2007-04-24 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
41 CVE-2007-0734 119 Exec Code Overflow Mem. Corr. 2007-04-10 2011-07-18
5.4
None Local Network Medium Not required Partial Partial Partial
fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.
42 CVE-2007-0731 Exec Code Overflow 2007-03-13 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
43 CVE-2007-0725 Exec Code Overflow 2007-04-24 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."
44 CVE-2007-0722 Exec Code Overflow 2007-03-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
45 CVE-2007-0719 Exec Code Overflow 2007-03-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
46 CVE-2007-0718 119 DoS Exec Code Overflow Mem. Corr. 2007-03-05 2011-10-18
5.8
None Remote Medium Not required None Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
47 CVE-2007-0717 DoS Exec Code Overflow 2007-03-05 2008-11-13
5.8
None Remote Medium Not required None Partial Partial
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
48 CVE-2007-0716 DoS Exec Code Overflow 2007-03-05 2008-11-13
5.8
None Remote Medium Not required None Partial Partial
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
49 CVE-2007-0715 DoS Exec Code Overflow 2007-03-05 2008-11-13
5.8
None Remote Medium Not required None Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
50 CVE-2007-0714 189 DoS Exec Code Overflow 2007-03-05 2009-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
Total number of vulnerabilities : 58   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.