Sign-up

ID

VAR-200703-0010


CVE

CVE-2007-0712


TITLE

Apple QuickTime 3GP integer overflow

Trust: 0.8

sources: CERT/CC: VU#568689

DESCRIPTION

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. Remote attackers may exploit these vulnerabilities to control the user's machine by enticing the user to open and process malformed media files. There was a heap overflow in QuickTime's handling of MIDI files. (CVE-2007-0712)

Trust: 7.74

sources: NVD: CVE-2007-0712 // CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // JVNDB: JVNDB-2007-000192 // BID: 22827 // VULHUB: VHN-24074

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 6.4

vendor:applemodel:quicktimescope:lteversion:7.1.4

Trust: 1.8

vendor:applemodel:quicktimescope:eqversion:7.1.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.1.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.5.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:5.0.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.3

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:4.1.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:5.0.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.5.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.3.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.4.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.2.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:3.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.4

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.1.5

Trust: 0.3

sources: CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // BID: 22827 // JVNDB: JVNDB-2007-000192 // CNNVD: CNNVD-200703-172 // NVD: CVE-2007-0712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0712
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#568689
value: 16.20

Trust: 0.8

CARNEGIE MELLON: VU#880561
value: 6.64

Trust: 0.8

CARNEGIE MELLON: VU#822481
value: 9.00

Trust: 0.8

CARNEGIE MELLON: VU#861817
value: 17.36

Trust: 0.8

CARNEGIE MELLON: VU#448745
value: 4.81

Trust: 0.8

CARNEGIE MELLON: VU#313225
value: 17.72

Trust: 0.8

CARNEGIE MELLON: VU#410993
value: 16.20

Trust: 0.8

CARNEGIE MELLON: VU#642433
value: 16.20

Trust: 0.8

NVD: CVE-2007-0712
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200703-172
value: CRITICAL

Trust: 0.6

VULHUB: VHN-24074
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0712
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2007-0712
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-24074
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // VULHUB: VHN-24074 // JVNDB: JVNDB-2007-000192 // CNNVD: CNNVD-200703-172 // NVD: CVE-2007-0712

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-24074 // NVD: CVE-2007-0712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-172

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200703-172

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-000192

PATCH
title:QuickTime 7.1.5 for Macurl:http://www.apple.com/support/downloads/quicktime715formac.html
Trust: 0.8
title:QuickTime 7.1.5 for Windowsurl:http://www.apple.com/support/downloads/quicktime715forwindows.html
Trust: 0.8
title:QuickTime 7.1.5url:http://docs.info.apple.com/article.html?artnum=305149
Trust: 0.8
title:QuickTime 7.1.5url:http://docs.info.apple.com/article.html?artnum=305149-ja
Trust: 0.8
title:アップル - QuickTimeurl:http://www.apple.com/jp/quicktime/download/win.html
Trust: 0.8
title:QuickTime 7.1.5 for Macurl:http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html
Trust: 0.8
title:QuickTime 7.1.5 for Windowsurl:http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-000192

EXTERNAL IDS
db:BIDid:22827
Trust: 9.2
db:SECUNIAid:24359
Trust: 8.9
db:SECTRACKid:1017725
Trust: 8.1
db:AUSCERTid:AL-2007.0031
Trust: 6.4
db:CERT/CCid:VU#822481
Trust: 3.6
db:NVDid:CVE-2007-0712
Trust: 2.8
db:USCERTid:TA07-065A
Trust: 2.8
db:VUPENid:ADV-2007-0825
Trust: 1.7
db:OSVDBid:33904
Trust: 1.7
db:CERT/CCid:VU#568689
Trust: 1.1
db:CERT/CCid:VU#880561
Trust: 1.1
db:CERT/CCid:VU#861817
Trust: 1.1
db:CERT/CCid:VU#448745
Trust: 1.1
db:CERT/CCid:VU#313225
Trust: 1.1
db:CERT/CCid:VU#410993
Trust: 1.1
db:CERT/CCid:VU#642433
Trust: 1.1
db:BIDid:22843
Trust: 0.8
db:BIDid:22844
Trust: 0.8
db:ZDIid:ZDI-07-010
Trust: 0.8
db:XFid:32814
Trust: 0.8
db:USCERTid:SA07-065A
Trust: 0.8
db:JVNDBid:JVNDB-2007-000192
Trust: 0.8
db:CNNVDid:CNNVD-200703-172
Trust: 0.7
db:CERT/CCid:TA07-065A
Trust: 0.6
db:APPLEid:APPLE-SA-2007-03-05
Trust: 0.6
db:XFid:32816
Trust: 0.6
db:VULHUBid:VHN-24074
Trust: 0.1
sources:
            
            
            CERT/CC: VU#568689 // 
            
            
            
            CERT/CC: VU#880561 // 
            
            
            
            CERT/CC: VU#822481 // 
            
            
            
            CERT/CC: VU#861817 // 
            
            
            
            CERT/CC: VU#448745 // 
            
            
            
            CERT/CC: VU#313225 // 
            
            
            
            CERT/CC: VU#410993 // 
            
            
            
            CERT/CC: VU#642433 // 
            
            
            
            VULHUB: VHN-24074 // 
            
            
            
            BID: 22827 // 
            
            
            
            JVNDB: JVNDB-2007-000192 // 
            
            
            
            CNNVD: CNNVD-200703-172 // 
            
            
            
            NVD: CVE-2007-0712

REFERENCES
url:http://www.securityfocus.com/bid/22827
Trust: 8.9
url:http://docs.info.apple.com/article.html?artnum=305149
Trust: 8.1
url:http://secunia.com/advisories/24359/
Trust: 6.4
url:http://www.auscert.org.au/7356
Trust: 6.4
url:http://www.ciac.org/ciac/bulletins/r-171.shtml 
Trust: 6.4
url:http://securitytracker.com/id?1017725 
Trust: 5.6
url:http://www.us-cert.gov/cas/techalerts/ta07-065a.html
Trust: 2.8
url:http://www.kb.cert.org/vuls/id/822481
Trust: 2.8
url:http://www.apple.com/quicktime/download/
Trust: 2.7
url:http://www.securitytracker.com/id?1017725
Trust: 2.5
url:http://secunia.com/advisories/24359
Trust: 2.5
url:http://www.us-cert.gov/cas/tips/st04-010.html
Trust: 2.4
url:http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676
Trust: 2.4
url:http://www.cert.org/tech_tips/before_you_plug_in.html
Trust: 2.4
url:http://www.mozilla.org/support/firefox/faq
Trust: 2.4
url:http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html
Trust: 1.7
url:http://osvdb.org/33904
Trust: 1.7
url:http://www.apple.com/itunes/
Trust: 1.6
url:http://www.frsirt.com/english/advisories/2007/0825
Trust: 1.4
url:http://www.vupen.com/english/advisories/2007/0825
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32816
Trust: 1.1
url:http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt
Trust: 0.8
url:http://en.wikipedia.org/wiki/.mov
Trust: 0.8
url:http://www.securityfocus.com/bid/22843
Trust: 0.8
url:http://en.wikipedia.org/wiki/musical_instrument_digital_interface
Trust: 0.8
url:http://developer.apple.com/documentation/quicktime/qtff/index.html
Trust: 0.8
url:http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html
Trust: 0.8
url:http://secway.org/advisory/ad20070306.txt
Trust: 0.8
url:http://secway.org/advisory/ad20060512.txt
Trust: 0.8
url:http://www.zerodayinitiative.com/advisories/zdi-07-010.html
Trust: 0.8
url:http://www.securityfocus.com/bid/22844
Trust: 0.8
url:http://en.wikipedia.org/wiki/pict
Trust: 0.8
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
Trust: 0.8
url:http://www.reversemode.com/index.php?option=com_remository&itemid=2&func=fileinfo&id=46
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0712
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/32814
Trust: 0.8
url:http://jvn.jp/cert/jvnta07-065a/index.html
Trust: 0.8
url:http://jvn.jp/tr/trta07-065a/index.html
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0712
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa07-065a.html
Trust: 0.8
url:http://www.cyberpolice.go.jp/important/2007/20070306_153534.html
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/32816
Trust: 0.6
url:http://www.apple.com/quicktime/
Trust: 0.3
url:msg://bugtraq/45ec9719.10206@idefense.com
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/313225
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/410993
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/448745
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/568689
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/642433
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/861817
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/880561
Trust: 0.3
sources:
            
            
            CERT/CC: VU#568689 // 
            
            
            
            CERT/CC: VU#880561 // 
            
            
            
            CERT/CC: VU#822481 // 
            
            
            
            CERT/CC: VU#861817 // 
            
            
            
            CERT/CC: VU#448745 // 
            
            
            
            CERT/CC: VU#313225 // 
            
            
            
            CERT/CC: VU#410993 // 
            
            
            
            CERT/CC: VU#642433 // 
            
            
            
            VULHUB: VHN-24074 // 
            
            
            
            BID: 22827 // 
            
            
            
            JVNDB: JVNDB-2007-000192 // 
            
            
            
            CNNVD: CNNVD-200703-172 // 
            
            
            
            NVD: CVE-2007-0712

CREDITS
JJ Reyes
Mike Price
iotr Bania
Artur Ogloza
Piotr Bania※ bania.piotr@gmail.com※Sowhat※ smaillist@gmail.com※http://www.zerodayinitiative.com/
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200703-172

SOURCES
db:CERT/CCid:VU#568689
db:CERT/CCid:VU#880561
db:CERT/CCid:VU#822481
db:CERT/CCid:VU#861817
db:CERT/CCid:VU#448745
db:CERT/CCid:VU#313225
db:CERT/CCid:VU#410993
db:CERT/CCid:VU#642433
db:VULHUBid:VHN-24074
db:BIDid:22827
db:JVNDBid:JVNDB-2007-000192
db:CNNVDid:CNNVD-200703-172
db:NVDid:CVE-2007-0712

LAST UPDATE DATE
2025-05-10T21:02:10.560000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#568689date:2007-03-19T00:00:00
db:CERT/CCid:VU#880561date:2007-03-19T00:00:00
db:CERT/CCid:VU#822481date:2007-03-19T00:00:00
db:CERT/CCid:VU#861817date:2007-03-19T00:00:00
db:CERT/CCid:VU#448745date:2007-03-09T00:00:00
db:CERT/CCid:VU#313225date:2007-03-19T00:00:00
db:CERT/CCid:VU#410993date:2007-03-19T00:00:00
db:CERT/CCid:VU#642433date:2007-03-19T00:00:00
db:VULHUBid:VHN-24074date:2018-10-30T00:00:00
db:BIDid:22827date:2007-03-06T21:05:00
db:JVNDBid:JVNDB-2007-000192date:2007-04-19T00:00:00
db:CNNVDid:CNNVD-200703-172date:2009-03-16T00:00:00
db:NVDid:CVE-2007-0712date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:CERT/CCid:VU#568689date:2007-03-06T00:00:00
db:CERT/CCid:VU#880561date:2007-03-06T00:00:00
db:CERT/CCid:VU#822481date:2007-03-06T00:00:00
db:CERT/CCid:VU#861817date:2007-03-06T00:00:00
db:CERT/CCid:VU#448745date:2007-03-06T00:00:00
db:CERT/CCid:VU#313225date:2007-03-06T00:00:00
db:CERT/CCid:VU#410993date:2007-03-06T00:00:00
db:CERT/CCid:VU#642433date:2007-03-06T00:00:00
db:VULHUBid:VHN-24074date:2007-03-05T00:00:00
db:BIDid:22827date:2007-03-05T00:00:00
db:JVNDBid:JVNDB-2007-000192date:2007-04-19T00:00:00
db:CNNVDid:CNNVD-200703-172date:2007-03-05T00:00:00
db:NVDid:CVE-2007-0712date:2007-03-05T22:19:00