ID CVE-2006-4385
Summary Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. This vulnerability is addressed in the following product release: Apple, QuickTime Player, 7.1.3
References
Vulnerable Configurations
  • cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.2:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:6.5.2:*:mac_os_x_10.3:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.3:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:mac_os_x_10.4:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.2:*:windows:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 17-10-2018 - 21:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2006-09-12
bid 19976
bugtraq 20060913 Multiple Vulnerabilities in Apple QuickTime
cert-vn VU#308204
confirm http://docs.info.apple.com/article.html?artnum=304357
gentoo GLSA-200803-08
osvdb 28768
sectrack 1016830
secunia
  • 21893
  • 29182
sreason 1554
vupen ADV-2006-3577
xf quicktime-sgi-buffer-overflow(28932)
Last major update 17-10-2018 - 21:36
Published 12-09-2006 - 23:07
Last modified 17-10-2018 - 21:36
Back to Top