ID

VAR-200703-0010


CVE

CVE-2007-0712


TITLE

Apple QuickTime 3GP integer overflow

Trust: 0.8

sources: CERT/CC: VU#568689

DESCRIPTION

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities including mulitple heap and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. Successful attacks can result in the compromise of the applicaiton or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. There are multiple buffer overflow vulnerabilities in QuickTime's processing of various media formats. (CVE-2007-0712). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-065A Apple Releases Security Updates for QuickTime Original release date: March 06, 2007 Last revised: -- Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows Overview Apple QuickTime contains multiple vulnerabilities. I. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page. Note that QuickTime ships with Apple iTunes. For more information, please refer to the Vulnerability Notes Database. II. For further information, please see the Vulnerability Notes Database. III. Solution Upgrade QuickTime Upgrade to QuickTime 7.1.5. This and other updates for Mac OS X are available via Apple Update. On Microsoft Windows the QuickTime built-in auto-update mechanism may not detect this release. Instead, Windows users should check for updates using Apple Software Update or install the update manually. Disable QuickTime in your web browser An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document. References * Vulnerability Notes for QuickTime 7.1.5 - <http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_715> * About the security content of the QuickTime 7.1.5 Update - <http://docs.info.apple.com/article.html?artnum=305149> * How to tell if Software Update for Windows is working correctly when no updates are available - <http://docs.info.apple.com/article.html?artnum=304263> * Apple QuickTime 7.1.5 for Windows - <http://www.apple.com/support/downloads/quicktime715forwindows.html> * Apple QuickTime 7.1.5 for Mac - <http://www.apple.com/support/downloads/quicktime715formac.html> * Standalone Apple QuickTime Player - <http://www.apple.com/quicktime/download/standalone.html> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-065A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-065A Feedback VU#568689" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 06, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRe26JOxOF3G+ig+rAQIL/AgArfKGgONZLe46VrCe71/m/47EcYHx/m4u K7rK5zeV11CItic4BMTyhC/s9OMEJdkRpVLhi9TJtLv0OYQoqT8WCqkcWpn6rf+p mRbMMIc0m2/IqQWBz3oHU1rlAem8Xk0wbARe+y3Pb1Xz5TumoyVSjbkKkyQJVYLz 35SS6byTmpspL/GIui8lt37b66aiXOGr91FCMQ4eCJXucJKlDNndjdL5isVKjXoA 74aavroywUVzoBzjxXCRSquxcFHW0B6t1TIMuMJhyVbmcV4i/0Cq3EfEg8iKVZdO ZAXHIj3P4cPmdsYRbgl0IqqyZYt51gMdpmUNGORCShuMajqwwbNjvg== =5/kY -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24359 VERIFY ADVISORY: http://secunia.com/advisories/24359/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system. 1) An integer overflow error exists in the handling of 3GP video files. 3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow. 4) An integer overflow exists in the handling of UDTA atoms in movie files. 5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow. 6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow. 7) An integer overflow exists in the handling of QTIF files. 8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0". SOLUTION: Update to version 7.1.5. Mac OS X: http://www.apple.com/quicktime/download/mac.html Windows: http://www.apple.com/quicktime/download/win.html PROVIDED AND/OR DISCOVERED BY: 1) JJ Reyes 2,5,6,7) Mike Price, McAfee AVERT Labs 3) Mike Price, McAfee AVERT Labs, Piotr Bania, and Artur Ogloza 4) Sowhat of Nevis Labs and an anonymous researcher via ZDI. 8) Ruben Santamarta via iDefense and JJ Reyes ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305149 Piotr Bania: http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 7.92

sources: NVD: CVE-2007-0712 // CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // JVNDB: JVNDB-2007-000192 // BID: 22827 // VULHUB: VHN-24074 // PACKETSTORM: 54941 // PACKETSTORM: 54850

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 6.4

vendor:applemodel:quicktimescope:lteversion:7.1.4

Trust: 1.8

vendor:applemodel:quicktimescope:eqversion:7.1.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.1.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.5.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:5.0.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.3

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:4.1.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:5.0.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.2.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:3.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.4.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.3.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.4

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.1.5

Trust: 0.3

sources: CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // BID: 22827 // JVNDB: JVNDB-2007-000192 // CNNVD: CNNVD-200703-172 // NVD: CVE-2007-0712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0712
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#568689
value: 16.20

Trust: 0.8

CARNEGIE MELLON: VU#880561
value: 6.64

Trust: 0.8

CARNEGIE MELLON: VU#822481
value: 9.00

Trust: 0.8

CARNEGIE MELLON: VU#861817
value: 17.36

Trust: 0.8

CARNEGIE MELLON: VU#448745
value: 4.81

Trust: 0.8

CARNEGIE MELLON: VU#313225
value: 17.72

Trust: 0.8

CARNEGIE MELLON: VU#410993
value: 16.20

Trust: 0.8

CARNEGIE MELLON: VU#642433
value: 16.20

Trust: 0.8

NVD: CVE-2007-0712
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200703-172
value: CRITICAL

Trust: 0.6

VULHUB: VHN-24074
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0712
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2007-0712
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-24074
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // VULHUB: VHN-24074 // JVNDB: JVNDB-2007-000192 // CNNVD: CNNVD-200703-172 // NVD: CVE-2007-0712

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-24074 // NVD: CVE-2007-0712

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 54941 // CNNVD: CNNVD-200703-172

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200703-172

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000192

PATCH

title:QuickTime 7.1.5 for Macurl:http://www.apple.com/support/downloads/quicktime715formac.html

Trust: 0.8

title:QuickTime 7.1.5 for Windowsurl:http://www.apple.com/support/downloads/quicktime715forwindows.html

Trust: 0.8

title:QuickTime 7.1.5url:http://docs.info.apple.com/article.html?artnum=305149

Trust: 0.8

title:QuickTime 7.1.5url:http://docs.info.apple.com/article.html?artnum=305149-ja

Trust: 0.8

title:アップル - QuickTimeurl:http://www.apple.com/jp/quicktime/download/win.html

Trust: 0.8

title:QuickTime 7.1.5 for Macurl:http://www.apple.com/jp/ftp-info/reference/quicktime715formac.html

Trust: 0.8

title:QuickTime 7.1.5 for Windowsurl:http://www.apple.com/jp/ftp-info/reference/quicktime715forwindows.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000192

EXTERNAL IDS

db:BIDid:22827

Trust: 9.2

db:SECUNIAid:24359

Trust: 9.0

db:SECTRACKid:1017725

Trust: 8.1

db:AUSCERTid:AL-2007.0031

Trust: 6.4

db:CERT/CCid:VU#822481

Trust: 3.6

db:USCERTid:TA07-065A

Trust: 2.9

db:NVDid:CVE-2007-0712

Trust: 2.8

db:VUPENid:ADV-2007-0825

Trust: 1.7

db:OSVDBid:33904

Trust: 1.7

db:CERT/CCid:VU#568689

Trust: 1.1

db:CERT/CCid:VU#880561

Trust: 1.1

db:CERT/CCid:VU#861817

Trust: 1.1

db:CERT/CCid:VU#448745

Trust: 1.1

db:CERT/CCid:VU#313225

Trust: 1.1

db:CERT/CCid:VU#410993

Trust: 1.1

db:CERT/CCid:VU#642433

Trust: 1.1

db:BIDid:22843

Trust: 0.8

db:BIDid:22844

Trust: 0.8

db:ZDIid:ZDI-07-010

Trust: 0.8

db:XFid:32814

Trust: 0.8

db:USCERTid:SA07-065A

Trust: 0.8

db:JVNDBid:JVNDB-2007-000192

Trust: 0.8

db:CNNVDid:CNNVD-200703-172

Trust: 0.7

db:CERT/CCid:TA07-065A

Trust: 0.6

db:APPLEid:APPLE-SA-2007-03-05

Trust: 0.6

db:XFid:32816

Trust: 0.6

db:VULHUBid:VHN-24074

Trust: 0.1

db:PACKETSTORMid:54941

Trust: 0.1

db:PACKETSTORMid:54850

Trust: 0.1

sources: CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // VULHUB: VHN-24074 // BID: 22827 // JVNDB: JVNDB-2007-000192 // PACKETSTORM: 54941 // PACKETSTORM: 54850 // CNNVD: CNNVD-200703-172 // NVD: CVE-2007-0712

REFERENCES

url:http://www.securityfocus.com/bid/22827

Trust: 8.9

url:http://docs.info.apple.com/article.html?artnum=305149

Trust: 8.2

url:http://secunia.com/advisories/24359/

Trust: 6.5

url:http://www.auscert.org.au/7356

Trust: 6.4

url:http://www.ciac.org/ciac/bulletins/r-171.shtml

Trust: 6.4

url:http://securitytracker.com/id?1017725

Trust: 5.6

url:http://www.us-cert.gov/cas/techalerts/ta07-065a.html

Trust: 2.8

url:http://www.kb.cert.org/vuls/id/822481

Trust: 2.8

url:http://www.apple.com/quicktime/download/

Trust: 2.7

url:http://www.securitytracker.com/id?1017725

Trust: 2.5

url:http://secunia.com/advisories/24359

Trust: 2.5

url:http://www.us-cert.gov/cas/tips/st04-010.html

Trust: 2.4

url:http://support.microsoft.com/default.aspx?scid=kb;en-us;q294676

Trust: 2.4

url:http://www.cert.org/tech_tips/before_you_plug_in.html

Trust: 2.4

url:http://www.mozilla.org/support/firefox/faq

Trust: 2.4

url:http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html

Trust: 1.7

url:http://osvdb.org/33904

Trust: 1.7

url:http://www.apple.com/itunes/

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2007/0825

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/0825

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32816

Trust: 1.1

url:http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt

Trust: 0.9

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486

Trust: 0.9

url:http://en.wikipedia.org/wiki/.mov

Trust: 0.8

url:http://www.securityfocus.com/bid/22843

Trust: 0.8

url:http://en.wikipedia.org/wiki/musical_instrument_digital_interface

Trust: 0.8

url:http://developer.apple.com/documentation/quicktime/qtff/index.html

Trust: 0.8

url:http://developer.apple.com/documentation/quicktime/qtff/qtffchap2/chapter_3_section_2.html

Trust: 0.8

url:http://secway.org/advisory/ad20070306.txt

Trust: 0.8

url:http://secway.org/advisory/ad20060512.txt

Trust: 0.8

url:http://www.zerodayinitiative.com/advisories/zdi-07-010.html

Trust: 0.8

url:http://www.securityfocus.com/bid/22844

Trust: 0.8

url:http://en.wikipedia.org/wiki/pict

Trust: 0.8

url:http://www.reversemode.com/index.php?option=com_remository&itemid=2&func=fileinfo&id=46

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0712

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/32814

Trust: 0.8

url:http://jvn.jp/cert/jvnta07-065a/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta07-065a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0712

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa07-065a.html

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/2007/20070306_153534.html

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/32816

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:msg://bugtraq/45ec9719.10206@idefense.com

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/313225

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/410993

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/448745

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/568689

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/642433

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/861817

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/880561

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=304263>

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime715formac.html>

Trust: 0.1

url:http://www.apple.com/quicktime/download/standalone.html>

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

url:http://www.us-cert.gov/reading_room/securing_browser/>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=106704>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta07-065a.html>

Trust: 0.1

url:http://www.us-cert.gov/cas/signup.html>.

Trust: 0.1

url:http://www.kb.cert.org/vuls/byid?searchview&query=quicktime_715>

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime715forwindows.html>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=305149>

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/5090/

Trust: 0.1

url:http://www.apple.com/quicktime/download/win.html

Trust: 0.1

url:http://secunia.com/disassembling_og_reversing/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.apple.com/quicktime/download/mac.html

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#568689 // CERT/CC: VU#880561 // CERT/CC: VU#822481 // CERT/CC: VU#861817 // CERT/CC: VU#448745 // CERT/CC: VU#313225 // CERT/CC: VU#410993 // CERT/CC: VU#642433 // VULHUB: VHN-24074 // BID: 22827 // JVNDB: JVNDB-2007-000192 // PACKETSTORM: 54941 // PACKETSTORM: 54850 // CNNVD: CNNVD-200703-172 // NVD: CVE-2007-0712

CREDITS

JJ Reyes Mike Price iotr Bania Artur Ogloza Piotr Bania※ bania.piotr@gmail.com※Sowhat※ smaillist@gmail.com※http://www.zerodayinitiative.com/

Trust: 0.6

sources: CNNVD: CNNVD-200703-172

SOURCES

db:CERT/CCid:VU#568689
db:CERT/CCid:VU#880561
db:CERT/CCid:VU#822481
db:CERT/CCid:VU#861817
db:CERT/CCid:VU#448745
db:CERT/CCid:VU#313225
db:CERT/CCid:VU#410993
db:CERT/CCid:VU#642433
db:VULHUBid:VHN-24074
db:BIDid:22827
db:JVNDBid:JVNDB-2007-000192
db:PACKETSTORMid:54941
db:PACKETSTORMid:54850
db:CNNVDid:CNNVD-200703-172
db:NVDid:CVE-2007-0712

LAST UPDATE DATE

2024-11-22T19:37:32.808000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#568689date:2007-03-19T00:00:00
db:CERT/CCid:VU#880561date:2007-03-19T00:00:00
db:CERT/CCid:VU#822481date:2007-03-19T00:00:00
db:CERT/CCid:VU#861817date:2007-03-19T00:00:00
db:CERT/CCid:VU#448745date:2007-03-09T00:00:00
db:CERT/CCid:VU#313225date:2007-03-19T00:00:00
db:CERT/CCid:VU#410993date:2007-03-19T00:00:00
db:CERT/CCid:VU#642433date:2007-03-19T00:00:00
db:VULHUBid:VHN-24074date:2018-10-30T00:00:00
db:BIDid:22827date:2007-03-06T21:05:00
db:JVNDBid:JVNDB-2007-000192date:2007-04-19T00:00:00
db:CNNVDid:CNNVD-200703-172date:2009-03-16T00:00:00
db:NVDid:CVE-2007-0712date:2018-10-30T16:25:17.370

SOURCES RELEASE DATE

db:CERT/CCid:VU#568689date:2007-03-06T00:00:00
db:CERT/CCid:VU#880561date:2007-03-06T00:00:00
db:CERT/CCid:VU#822481date:2007-03-06T00:00:00
db:CERT/CCid:VU#861817date:2007-03-06T00:00:00
db:CERT/CCid:VU#448745date:2007-03-06T00:00:00
db:CERT/CCid:VU#313225date:2007-03-06T00:00:00
db:CERT/CCid:VU#410993date:2007-03-06T00:00:00
db:CERT/CCid:VU#642433date:2007-03-06T00:00:00
db:VULHUBid:VHN-24074date:2007-03-05T00:00:00
db:BIDid:22827date:2007-03-05T00:00:00
db:JVNDBid:JVNDB-2007-000192date:2007-04-19T00:00:00
db:PACKETSTORMid:54941date:2007-03-09T00:22:35
db:PACKETSTORMid:54850date:2007-03-08T00:54:52
db:CNNVDid:CNNVD-200703-172date:2007-03-05T00:00:00
db:NVDid:CVE-2007-0712date:2007-03-05T22:19:00