Credit:
The information has been provided by Sowhat.
The original article can be found at: http://secway.org/advisory/AD20060512.txt
Vulnerable Systems:
* Apple QuickTime versions prior to 7.1.5
Immune Systems:
* Apple QuickTime versions 7.1.5 and higher
This vulnerability exists in the way QuickTime processes the "udta" atom of .mov files.
The layout of a udta (user data) atom:
Bytes
_______________________
| User data atom |
| Atom size | 4
| Type = 'udta' | 4
| |
| User data list |
| Atom size | 4
| Type = user data types| 4
| |
-----------------------
By setting the value of the Atom size to a large value such as 0xFFFFFFFF, an insufficiently sized heap block is allocated, resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function.
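The bounds check a parser can apply to every Atom size field in the layout above before using it for allocation or copying, as an added example (not code from the advisory or from QuickTime). The function names and sample bytes are constructed for illustration, and the special sizes 0 and 1 are treated as malformed inside udta.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { ATOM_HDR = 8 }; /* 4-byte size + 4-byte type */

/* Atom sizes are 32-bit big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Return the size of the atom at buf[off], or 0 if the declared size cannot
 * fit in the bytes available before `end` (its container or the buffer). */
static uint32_t atom_size_checked(const uint8_t *buf, size_t off, size_t end) {
    if (end < off || end - off < ATOM_HDR) return 0; /* truncated header */
    uint32_t size = be32(buf + off);
    if (size < ATOM_HDR) return 0;  /* smaller than its own header */
    if (size > end - off) return 0; /* e.g. 0xFFFFFFFF: larger than container */
    return size;
}

/* Validate a 'udta' atom at buf[0] and each entry of its user data list.
 * Returns the number of entries, or -1 if any size is inconsistent. */
int validate_udta(const uint8_t *buf, size_t len) {
    uint32_t udta = atom_size_checked(buf, 0, len);
    if (udta == 0 || memcmp(buf + 4, "udta", 4) != 0) return -1;
    size_t off = ATOM_HDR, end = udta;
    int entries = 0;
    while (off < end) {
        if (end - off == 4 && be32(buf + off) == 0) break; /* optional zero terminator */
        uint32_t sz = atom_size_checked(buf, off, end);
        if (sz == 0) return -1;
        off += sz; /* cannot pass `end`: sz <= end - off */
        entries++;
    }
    return entries;
}

/* Constructed samples (not from a real file): one 12-byte entry of an
 * arbitrary type, then the same bytes with that entry's size set to 0xFFFFFFFF. */
const uint8_t sample_ok[]  = { 0,0,0,20, 'u','d','t','a', 0,0,0,12, 'n','a','m','e', 'd','e','m','o' };
const uint8_t sample_bad[] = { 0,0,0,20, 'u','d','t','a', 0xFF,0xFF,0xFF,0xFF, 'n','a','m','e', 'd','e','m','o' };

int main(void) {
    printf("ok=%d bad=%d\n", validate_udta(sample_ok, sizeof sample_ok),
           validate_udta(sample_bad, sizeof sample_bad));
    return 0;
}
```

Comparing the declared size against the remaining bytes (`size > end - off`) rather than computing `off + size` keeps the check itself free of integer wraparound.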
Vendor Response:
2006.05.06 - Vendor notified via product-security@apple.com
2006.05.07 - Vendor responded
2006.05.09 - Vendor asked for more information
2006.05.11 - Vendor released QuickTime 7.1, the code path was influenced, but the root cause was not fixed.
2007.03.06 - Vendor released the fixed version
2007.03.06 - Advisory release
CVE Information:
CVE-2007-0714