Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue.
cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:* versions up to 7.0.4 (inclusive)
| Plugin ID | Name | Product | Family |
|---|---|---|---|
| 21556 | QuickTime < 7.1 Multiple Vulnerabilities (Windows) | Nessus | Windows |
| 21554 | Quicktime < 7.1 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks |
| 3617 | Mac OS X Multiple Vulnerabilities (Security Update 2006-003) | Nessus Network Monitor | Operating System Detection |
| 3616 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Nessus Network Monitor | Web Clients |
| 801197 | Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities | Log Correlation Engine | Web Clients |