CVE-2007-0462

Apple QuickTime - Remote Code Execution via Malformed PICT Image ARGB Record

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0462. PoCs published by LMH.

AI-analyzed exploit summary The provided text describes a memory corruption vulnerability in Mac OS X QuickDraw when handling malformed PICT image files. It references a binary exploit (29509.pct) but does not contain executable code or technical details of the exploit itself.

Description

The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.

Exploits (1)

exploitdb WRITEUP VERIFIED

by LMH · textdososx

https://www.exploit-db.com/exploits/29509

View Code ZIP pw:eip

The provided text describes a memory corruption vulnerability in Mac OS X QuickDraw when handling malformed PICT image files. It references a binary exploit (29509.pct) but does not contain executable code or technical details of the exploit itself.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Mac OS X QuickDraw (Mac OS X 10.4.8 and likely earlier versions)

No auth needed

Prerequisites: Ability to deliver a malformed PICT file to the target system

MITRE ATT&CK