CVE-2007-6238 (GCVE-0-2007-6238)
Vulnerability from cvelistv5
Published
2007-12-04 18:00
Modified
2024-08-07 16:02
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:34.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"
          },
          {
            "name": "26682",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26682"
          },
          {
            "name": "quicktime-unspecified-code-execution(38852)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"
          },
          {
            "name": "1019039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019039"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information.  A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.  However, the organization has stated that this is different than CVE-2007-6166."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"
        },
        {
          "name": "26682",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26682"
        },
        {
          "name": "quicktime-unspecified-code-execution(38852)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"
        },
        {
          "name": "1019039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019039"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information.  A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.  However, the organization has stated that this is different than CVE-2007-6166."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185",
              "refsource": "MISC",
              "url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185"
            },
            {
              "name": "26682",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26682"
            },
            {
              "name": "quicktime-unspecified-code-execution(38852)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38852"
            },
            {
              "name": "1019039",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019039"
            },
            {
              "name": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html",
              "refsource": "MISC",
              "url": "http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6238",
    "datePublished": "2007-12-04T18:00:00",
    "dateReserved": "2007-12-04T00:00:00",
    "dateUpdated": "2024-08-07T16:02:34.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6238\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-04T18:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information.  A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.  However, the organization has stated that this is different than CVE-2007-6166.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Apple QuickTime 7.2 sobre Windows XP permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un vector de ataque desconocido, probablemente una vulnerabilidad diferente que CVE-2007-6166. NOTA: esta informaci\u00f3n est\u00e1 basada en un aviso poco completo a trav\u00e9s de una organizaci\u00f3n que vende vulnerabilidades que no se coordina con vendedores o lleva a cabo avisos con informaci\u00f3n pertinente. Un CVE se ha asignado para facilitar su seguimiento, pero los duplicados con otros CVE son dif\u00edciles de determinar. Sin embargo, la organizaci\u00f3n ha declarado que esto es diferente de CVE - 2007 - 6166.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:quicktime:7.2:*:windows_xp:*:*:*:*:*\",\"matchCriteriaId\":\"FBA37276-D6FD-42B7-AD31-00A0AC81FEF1\"}]}]}],\"references\":[{\"url\":\"http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26682\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019039\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38852\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.