ID

VAR-200705-0153


CVE

CVE-2007-0754


TITLE

Apple QuickTime Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-001531

DESCRIPTION

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.

Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer. An attacker may exploit this issue by enticing victims into opening a maliciously crafted 'MOV' QuickTime movie file. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. Versions of QuickTime 7 prior to 7.1.3 are vulnerable.

Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There is a heap overflow vulnerability in QuickTime when parsing malformed STSD elements. If an attacker specifies a malicious element size, a heap overflow may be triggered when parsing a MOV file, resulting in arbitrary instruction execution.

TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-07-07
May 10, 2007

-- CVE ID: CVE-2007-0754

-- Affected Vendor: Apple

-- Affected Products: QuickTime Player 7.x

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since January 31, 2006 by Digital Vaccine protection filter ID 4109.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Sample Table Sample Descriptor (STSD) atoms. Specifying a malicious atom size can result in an under-allocated heap chunk and subsequently an exploitable heap corruption.

-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://docs.info.apple.com/article.html?artnum=304357

-- Disclosure Timeline:
2006.06.16 - Vulnerability reported to vendor
2006.01.31 - Digital Vaccine released to TippingPoint customers
2007.05.10 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by Ganesh Devarajan, TippingPoint DVLabs

Trust: 2.07

sources: NVD: CVE-2007-0754 // JVNDB: JVNDB-2007-001531 // BID: 23923 // VULHUB: VHN-24116 // PACKETSTORM: 56676

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: lte, version: 7.1.2

Trust: 1.0

vendor: apple, model: quicktime, scope: lt, version: 7.1.3

Trust: 0.8

vendor: apple, model: quicktime, scope: eq, version: 7.1.2

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.1.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.3

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1

Trust: 0.3

sources: BID: 23923 // JVNDB: JVNDB-2007-001531 // CNNVD: CNNVD-200705-267 // NVD: CVE-2007-0754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0754
value: HIGH

Trust: 1.0

NVD: CVE-2007-0754
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-267
value: CRITICAL

Trust: 0.6

VULHUB: VHN-24116
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0754
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24116
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24116 // JVNDB: JVNDB-2007-001531 // CNNVD: CNNVD-200705-267 // NVD: CVE-2007-0754

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-267

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200705-267

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001531

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-24116

PATCH

title: QuickTime 7.1.3 Update
url: http://support.apple.com/kb/TA24355?viewlocale=en_US

Trust: 0.8

sources: JVNDB: JVNDB-2007-001531

EXTERNAL IDS

db: NVD, id: CVE-2007-0754

Trust: 2.9

db: BID, id: 23923

Trust: 2.0

db: SREASON, id: 2703

Trust: 1.7

db: OSVDB, id: 35574

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001531

Trust: 0.8

db: CNNVD, id: CNNVD-200705-267

Trust: 0.7

db: XF, id: 34244

Trust: 0.6

db: BUGTRAQ, id: 20070511 TPTI-07-07: APPLE QUICKTIME STSD PARSING HEAP OVERFLOW VULNERABILITY

Trust: 0.6

db: PACKETSTORM, id: 56676

Trust: 0.2

db: VULHUB, id: VHN-24116

Trust: 0.1

sources: VULHUB: VHN-24116 // BID: 23923 // JVNDB: JVNDB-2007-001531 // PACKETSTORM: 56676 // CNNVD: CNNVD-200705-267 // NVD: CVE-2007-0754

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=304357

Trust: 2.1

url:http://dvlabs.tippingpoint.com/advisory/tpti-07-07

Trust: 2.1

url:http://www.securityfocus.com/bid/23923

Trust: 1.7

url:http://www.osvdb.org/35574

Trust: 1.7

url:http://securityreason.com/securityalert/2703

Trust: 1.7

url:http://www.securityfocus.com/archive/1/468305/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34244

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0754

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0754

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/468305/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/34244

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:http://www.apple.com/quicktime/download/

Trust: 0.3

url:/archive/1/468305

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-0754

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

sources: VULHUB: VHN-24116 // BID: 23923 // JVNDB: JVNDB-2007-001531 // PACKETSTORM: 56676 // CNNVD: CNNVD-200705-267 // NVD: CVE-2007-0754

CREDITS

Ganesh Devarajan

Trust: 0.7

sources: PACKETSTORM: 56676 // CNNVD: CNNVD-200705-267

SOURCES

db: VULHUB, id: VHN-24116
db: BID, id: 23923
db: JVNDB, id: JVNDB-2007-001531
db: PACKETSTORM, id: 56676
db: CNNVD, id: CNNVD-200705-267
db: NVD, id: CVE-2007-0754

LAST UPDATE DATE

2025-04-10T23:05:37.826000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-24116, date: 2018-10-16T00:00:00
db: BID, id: 23923, date: 2008-03-13T04:01:00
db: JVNDB, id: JVNDB-2007-001531, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200705-267, date: 2007-05-15T00:00:00
db: NVD, id: CVE-2007-0754, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-24116, date: 2007-05-14T00:00:00
db: BID, id: 23923, date: 2007-05-11T00:00:00
db: JVNDB, id: JVNDB-2007-001531, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 56676, date: 2007-05-12T02:32:00
db: CNNVD, id: CNNVD-200705-267, date: 2007-05-14T00:00:00
db: NVD, id: CVE-2007-0754, date: 2007-05-14T21:19:00