Rapid7 Vulnerability & Exploit Database

QuickTime: unspecified vulnerabilities allow arbitrary code execution via malicious movie files (CVE-2007-4707)

Back to Search

QuickTime: unspecified vulnerabilities allow arbitrary code execution via malicious movie files (CVE-2007-4707)

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

12/14/2007

Created

07/25/2018

Added

12/21/2007

Modified

02/13/2015

Description

Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs, and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

Solution(s)

quicktime-upgrade-7_3_1

References

https://attackerkb.com/topics/cve-2007-4707
APPLE-SA-2007-12-13
26866
CVE - 2007-4707
http://support.apple.com/kb/HT1738
39030

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

QuickTime: unspecified vulnerabilities allow arbitrary code execution via malicious movie files (CVE-2007-4707)