{"vuid":"VU#969969","idnumber":"969969","name":"Apple Macintosh OS X VideoConference SIP heap buffer overflow","keywords":["Apple","Macintosh","OS X","DoS","denial of service","crafted SIP packets","VideoConference framework","apple_2007-004"],"overview":"The Apple VideoConference framework contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code.","clean_desc":"Apple's VideoConference framework is used in iChat and other applications to stream video. iChat uses SIP to make and receive VoIP calls. The VideoConference framework contains a heap buffer overflow vulnerability. An attacker may be able to exploit this vulnerability by sending a specially crafted SIP packet during the initialization of a VoIP session.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code.","resolution":"Upgrade\nApple has addressed this issue in Security Update 2007-004.","workarounds":"","sysaffected":"","thanks":"Thanks to Apple for information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://docs.info.apple.com/article.html?artnum=305391","http://manuals.info.apple.com/en/Welcome_to_Mac_OS_X_v10.4_Tiger.pdf","http://en.wikipedia.org/wiki/Session_Initiation_Protocol"],"cveids":["CVE-2007-0746"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-04-20T12:23:50Z","publicdate":"2007-04-19T00:00:00Z","datefirstpublished":"2007-04-20T13:56:19Z","dateupdated":"2007-04-20T16:18:25Z","revision":7,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"5","cam_impact":"15","cam_easeofexploitation":"8","cam_attackeraccessrequired":"5","cam_scorecurrent":"0.73125","cam_scorecurrentwidelyknown":"1.29375","cam_scorecurrentwidelyknownexploited":"2.41875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.73125,"vulnote":null}