CVE-2007-4676 Information

Description

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

Reference

http://docs.info.apple.com/article.html?artnum=306896
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html
http://osvdb.org/38546
http://secunia.com/advisories/27523
http://securityreason.com/securityalert/3351
http://www.kb.cert.org/vuls/id/690515
http://www.securityfocus.com/archive/1/483311/100/0/threaded
http://www.securityfocus.com/archive/1/483313/100/0/threaded
http://www.securityfocus.com/bid/26345
http://www.securitytracker.com/id?1018894
http://www.us-cert.gov/cas/techalerts/TA07-310A.html
http://www.vupen.com/english/advisories/2007/3723
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/38280
https://exchange.xforce.ibmcloud.com/vulnerabilities/38281
