Rapid7 Vulnerability & Exploit Database

QuickTime: unspecified vulnerabilities allow arbitrary code execution via malicious movie files (CVE-2007-4707)

Back to Search

QuickTime: unspecified vulnerabilities allow arbitrary code execution via malicious movie files (CVE-2007-4707)

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
12/14/2007
Created
07/25/2018
Added
12/21/2007
Modified
02/13/2015

Description

Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs, and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

Solution(s)

  • quicktime-upgrade-7_3_1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;