CVE-2007-2394

Apple Quicktime - Remote Code Execution via SMIL File Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2394. PoCs published by David Vaartjes, Wolf.

AI-analyzed exploit summary This exploit leverages an integer overflow in QuickTime's handling of SMIL files. By crafting a malicious SMIL file with oversized metadata fields, it triggers a buffer overflow, potentially leading to remote code execution.

Description

Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.

Exploits (2)

exploitdb WORKING POC VERIFIED

by David Vaartjes · textdosmultiple

https://www.exploit-db.com/exploits/4359

View Code ZIP pw:eip

This exploit leverages an integer overflow in QuickTime's handling of SMIL files. By crafting a malicious SMIL file with oversized metadata fields, it triggers a buffer overflow, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Apple QuickTime 7.1.3

No auth needed

Prerequisites: Target must open a malicious SMIL file via a webpage or locally

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Wolf · perlremotemultiple

https://www.exploit-db.com/exploits/30292

View Code ZIP pw:eip

This Perl script generates a malicious SMIL file that exploits an integer overflow vulnerability in Apple QuickTime 7.1.3. The crafted file can trigger remote code execution or information disclosure when opened by a victim.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Apple QuickTime 7.1.3

No auth needed

Prerequisites: Victim must open the malicious SMIL file or visit a crafted webpage

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26034

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/35357

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018373

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA07-193A.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2510

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24873

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/473882/100/100/threaded

Vendor Advisory x_refsource_confirm

http://docs.info.apple.com/article.html?artnum=305947

Patch vendor-advisory x_refsource_apple

http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/36134

Patch third-party-advisory x_refsource_idefense

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556

Scores

EPSS 0.1214

EPSS Percentile 95.6%

Details

Status published

Products (12)

apple/quicktime

apple/quicktime 7.0

apple/quicktime 7.0.1

apple/quicktime 7.0.2

apple/quicktime 7.0.3

apple/quicktime 7.0.4

apple/quicktime 7.1

apple/quicktime 7.1.1

apple/quicktime 7.1.2

apple/quicktime 7.1.3

... and 2 more

Published Jul 15, 2007

Tracked Since Feb 18, 2026