Vulnerability Details : CVE-2007-4676
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-4676
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4676
- EPSS score: 94.49% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-4676
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-4676
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4676
- http://docs.info.apple.com/article.html?artnum=306896 (Vendor Advisory)
- http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html (Vendor Advisory)
- http://www.securityfocus.com/bid/26345 (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38280 (Third Party Advisory; VDB Entry)
- http://www.us-cert.gov/cas/techalerts/TA07-310A.html (Third Party Advisory; US Government Resource)
- http://www.zerodayinitiative.com/advisories/ZDI-07-067.html (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/483311/100/0/threaded (Third Party Advisory; VDB Entry)
- http://www.zerodayinitiative.com/advisories/ZDI-07-066.html (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38281 (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id?1018894 (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/483313/100/0/threaded (Third Party Advisory; VDB Entry)
- http://securityreason.com/securityalert/3351 (Third Party Advisory)
- http://www.kb.cert.org/vuls/id/690515 (Third Party Advisory; US Government Resource)
- http://www.vupen.com/english/advisories/2007/3723 (Third Party Advisory)