Credit:
The information has been provided by David Vaartjes from ITsec Security Services.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
Vulnerable Systems:
* QuickTime version 7.1.3
* QuickTime version 7.1.5
Immune Systems:
* QuickTime version 7.2
The vulnerability specifically exists in QuickTime Player's handling of the title and author fields in an SMIL file. When parsing an SMIL file, arithmetic calculations can cause insufficient memory to be allocated. When user-supplied data from the SMIL file is then copied into that buffer, a heap-based buffer overflow occurs. This results in a potentially exploitable condition.
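The bug class described above (a size calculation that yields too small an allocation before a copy), shown as an added example that is not QuickTime's code and not part of the original advisory. The advisory does not publish the arithmetic involved, so the 16-bit sum, the struct, the function names and the 64 KiB limit are all assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_META ((size_t)64 * 1024)   /* assumed policy limit, not from the advisory */

/* Hypothetical record holding "title\0author\0" in one heap buffer. */
struct smil_meta { char *buf; size_t cap; };

/* Flawed pattern: the sum is narrowed to 16 bits, so large field lengths
   wrap and the value handed to malloc() is far smaller than the data. */
uint16_t unchecked_alloc_size(size_t title_len, size_t author_len)
{
    return (uint16_t)(title_len + author_len + 2);
}

/* Hardened pattern: bound each length first so the sum cannot wrap,
   then bound the total. Returns 0 and sets *out, or -1 on rejection. */
int checked_alloc_size(size_t title_len, size_t author_len, size_t *out)
{
    if (title_len > MAX_META || author_len > MAX_META)
        return -1;
    size_t total = title_len + author_len + 2;   /* two NUL terminators */
    if (total > MAX_META)
        return -1;
    *out = total;
    return 0;
}

/* Copies both fields only after the checked size has been allocated. */
int build_meta(struct smil_meta *m, const char *title, size_t title_len,
               const char *author, size_t author_len)
{
    size_t need;
    if (checked_alloc_size(title_len, author_len, &need) != 0)
        return -1;
    m->buf = malloc(need);
    if (m->buf == NULL)
        return -1;
    memcpy(m->buf, title, title_len);
    m->buf[title_len] = '\0';
    memcpy(m->buf + title_len + 1, author, author_len);
    m->buf[title_len + 1 + author_len] = '\0';
    m->cap = need;
    return 0;
}
```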
Analysis:
Exploitation could allow attackers to execute arbitrary code in the context of the current user.
In order to exploit this vulnerability, an attacker must persuade a user to open a specially crafted SMIL file with QuickTime. This could be accomplished using a malicious SMIL file referenced from a website under the attacker's control.
Vendor response:
Apple has released QuickTime 7.2, which resolves this issue. More information is available via Apple's QuickTime Security Update page at the URL: http://docs.info.apple.com/article.html?artnum=305947
CVE Information:
CVE-2007-2394
Disclosure Timeline:
04/02/2007 - Initial vendor notification
04/09/2007 - Initial vendor response
07/11/2007 - Coordinated public disclosure