CVE-2006-4389 - Vulnerability Details - OpenCVE

Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Quicktime

Configuration 1 [-]

OR	cpe:2.3:a:apple:quicktime:5.0.2:::::::*
	cpe:2.3:a:apple:quicktime:6.0:::::::*
	cpe:2.3:a:apple:quicktime:6.1:::::::*
	cpe:2.3:a:apple:quicktime:6.5:::::::*
	cpe:2.3:a:apple:quicktime:6.5.1:::::::*
	cpe:2.3:a:apple:quicktime:6.5.2:::::::*
	cpe:2.3:a:apple:quicktime:7.0:::::::*
	cpe:2.3:a:apple:quicktime:7.0.1:::::::*
	cpe:2.3:a:apple:quicktime:7.0.2:::::::*
	cpe:2.3:a:apple:quicktime:7.0.3:::::::*
	cpe:2.3:a:apple:quicktime:7.0.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.2:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=304357
http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html
http://secunia.com/advisories/21893
http://secunia.com/advisories/29182
http://security.gentoo.org/glsa/glsa-200803-08.xml
http://securityreason.com/securityalert/1554
http://securitytracker.com/id?1016830
http://www.kb.cert.org/vuls/id/540348
http://www.osvdb.org/28769
http://www.securityfocus.com/archive/1/445888/100/0/threaded
http://www.securityfocus.com/bid/19976
http://www.us-cert.gov/cas/techalerts/TA06-256A.html
http://www.vupen.com/english/advisories/2006/3577
https://exchange.xforce.ibmcloud.com/vulnerabilities/28938

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-12T23:00:00

Updated: 2024-08-07T19:06:07.632Z

Reserved: 2006-08-28T00:00:00

Link: CVE-2006-4389

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-09-12T23:07:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4389

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060913 Multiple Vulnerabilities in Apple QuickTime", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"}, {"name": "1016830", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016830"}, {"name": "21893", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21893"}, {"name": "19976", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19976"}, {"name": "28769", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28769"}, {"name": "GLSA-200803-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"}, {"name": "1554", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1554"}, {"name": "quicktime-flashpix-code-execution(28938)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28938"}, {"name": "TA06-256A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-256A.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=304357"}, {"name": "VU#540348", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/540348"}, {"name": "APPLE-SA-2006-09-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"}, {"name": "ADV-2006-3577", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3577"}, {"name": "29182", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29182"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4389", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060913 Multiple Vulnerabilities in Apple QuickTime", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"}, {"name": "1016830", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016830"}, {"name": "21893", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21893"}, {"name": "19976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19976"}, {"name": "28769", "refsource": "OSVDB", "url": "http://www.osvdb.org/28769"}, {"name": "GLSA-200803-08", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"}, {"name": "1554", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1554"}, {"name": "quicktime-flashpix-code-execution(28938)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28938"}, {"name": "TA06-256A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-256A.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=304357", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=304357"}, {"name": "VU#540348", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/540348"}, {"name": "APPLE-SA-2006-09-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"}, {"name": "ADV-2006-3577", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3577"}, {"name": "29182", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29182"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:07.632Z"}, "title": "CVE Program Container", "references": [{"name": "20060913 Multiple Vulnerabilities in Apple QuickTime", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"}, {"name": "1016830", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016830"}, {"name": "21893", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21893"}, {"name": "19976", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19976"}, {"name": "28769", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28769"}, {"name": "GLSA-200803-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"}, {"name": "1554", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1554"}, {"name": "quicktime-flashpix-code-execution(28938)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28938"}, {"name": "TA06-256A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-256A.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=304357"}, {"name": "VU#540348", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/540348"}, {"name": "APPLE-SA-2006-09-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"}, {"name": "ADV-2006-3577", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3577"}, {"name": "29182", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29182"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4389", "datePublished": "2006-09-12T23:00:00", "dateReserved": "2006-08-28T00:00:00", "dateUpdated": "2024-08-07T19:06:07.632Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "844E1B14-A13A-47F1-9C82-02EAEED1A911", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "80747BDD-70E9-4E74-896F-C79D014F1B2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA1E140B-BCB4-4B3C-B287-E9E944E08DB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2CE0B67-0794-472D-A2C0-CC5CA0E36370", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object."}, {"lang": "es", "value": "Apple QuickTime anterior 7.1.3 permite a un atacante con la complicidad de un usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero artesanal FlashPix (FPX), los cuales disparar\u00e1n una excepci\u00f3n que conduce a una operaci\u00f3n sobre un objeto no inicializado."}], "id": "CVE-2006-4389", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-09-12T23:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=304357"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21893"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29182"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1554"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016830"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/540348"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28769"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/19976"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-256A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3577"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28938"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=304357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21893"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/540348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/19976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-256A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3577"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28938"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}