{"vuid":"VU#587937","idnumber":"587937","name":"Apple QuickTime MPEG-4 movie buffer overflow","keywords":["Apple","Quicktime","buffer overflow","DoS","arbitrary code execution","MPEG4 file","quicktime_7.1"],"overview":"Apple QuickTime fails to properly handle MPEG-4 movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition.","clean_desc":"Apple's QuickTime Player is multimedia software that allows users to view local and remote audio, video, and image content. QuickTime contains a buffer overflow in the code that handles MPEG-4 movies. This vulnerability may be triggered by sending the QuickTime Player, or an application that uses the QuickTime plug-in, a specially crafted MPEG-4 movie file. Note that this issue affects QuickTime installations on both Apple Mac and Windows operating systems.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service condition.","resolution":"Upgrade \nApple has addressed this issue with QuickTime 7.1, as specified in Apple Support Document 303752.","workarounds":"","sysaffected":"","thanks":"This issue was reported in the \nApple Support Document 303752","author":"This document was written by Jeff Gennari.","public":["http://www.apple.com/support/downloads/quicktime71.html","http://docs.info.apple.com/article.html?artnum=303752","http://www.apple.com/quicktime/technologies/mpeg4/"],"cveids":["CVE-2006-1464"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-05-12T17:38:45Z","publicdate":"2006-05-11T00:00:00Z","datefirstpublished":"2006-05-17T21:19:29Z","dateupdated":"2006-05-17T21:29:28Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"16","cam_impact":"18","cam_easeofexploitation":"10","cam_attackeraccessrequired":"16","cam_scorecurrent":"17.28","cam_scorecurrentwidelyknown":"21.6","cam_scorecurrentwidelyknownexploited":"38.88","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.28,"vulnote":null}