Credit:
The information has been provided by The Zero Day Initiative (ZDI).
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-07-065.html, http://www.zerodayinitiative.com/advisories/ZDI-07-066.html, http://www.zerodayinitiative.com/advisories/ZDI-07-067.html and http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
Vulnerable Systems:
* Apple QuickTime version 7.2
Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file.
The specific flaw exists in the parsing of the PICT file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack-based buffer overflow occurs, allowing the execution of arbitrary code.
Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at: http://docs.info.apple.com/article.html?artnum=306896
Disclosure Timeline:
2007.09.14 - Vulnerability reported to vendor
2007.11.05 - Coordinated public release of advisory
CVE Information:
CVE-2007-4672
Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution.
Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at: http://docs.info.apple.com/article.html?artnum=306896
Disclosure Timeline:
2007.09.14 - Vulnerability reported to vendor
2007.11.05 - Coordinated public release of advisory
CVE Information:
CVE-2007-4676
Apple QuickTime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution running under the credentials of the user.
Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at: http://docs.info.apple.com/article.html?artnum=306896
Disclosure Timeline:
2007.09.14 - Vulnerability reported to vendor
2007.11.05 - Coordinated public release of advisory
CVE Information:
CVE-2007-4676
Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file.
The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code.
Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at: http://docs.info.apple.com/article.html?artnum=306896
Disclosure Timeline:
2007.09.14 - Vulnerability reported to vendor
2007.11.05 - Coordinated public release of advisory
CVE Information:
CVE-2007-4677
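Added example (not from the ZDI advisories or Apple's code): the kind of check the CTAB flaw above calls for, validating the declared color table size against both the atom payload length and the destination capacity before any entry is copied. The field layout (seed, flags, zero-relative size, 8-byte entries) is assumed from the public QuickTime File Format documentation; `ctab_parse`, `ctab_demo` and the 256-entry table are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed payload layout (not stated in the advisory): seed(4) flags(2)
   size(2, zero-relative entry count), then count * {pad,R,G,B} as
   big-endian 16-bit values. */
#define CTAB_HDR   8u
#define CTAB_ENTRY 8u
typedef struct { uint16_t r, g, b; } rgb16;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the number of colors parsed, or -1 when the declared size does
   not fit the payload actually present or the destination table. */
int ctab_parse(const uint8_t *payload, size_t payload_len, rgb16 *out, size_t out_cap)
{
    if (payload == NULL || out == NULL || payload_len < CTAB_HDR)
        return -1;
    size_t count = (size_t)be16(payload + 6) + 1;      /* 1..65536 */
    /* Source check: dividing avoids overflow in count * CTAB_ENTRY. */
    if (count > (payload_len - CTAB_HDR) / CTAB_ENTRY)
        return -1;
    /* Destination check: never trust the file to size our buffer. */
    if (count > out_cap)
        return -1;
    const uint8_t *p = payload + CTAB_HDR;
    for (size_t i = 0; i < count; i++, p += CTAB_ENTRY) {
        out[i].r = be16(p + 2);
        out[i].g = be16(p + 4);
        out[i].b = be16(p + 6);
    }
    return (int)count;
}

/* Constructed input: `present` zeroed entries, header size field `size_field`. */
int ctab_demo(uint16_t size_field, size_t present)
{
    static uint8_t buf[CTAB_HDR + 512 * CTAB_ENTRY];
    rgb16 table[256];
    if (present > 512) return -1;
    memset(buf, 0, sizeof buf);
    buf[4] = 0x80;                                     /* flags */
    buf[6] = (uint8_t)(size_field >> 8);
    buf[7] = (uint8_t)size_field;
    return ctab_parse(buf, CTAB_HDR + present * CTAB_ENTRY, table, 256);
}
int main(void) { printf("%d %d\n", ctab_demo(1, 2), ctab_demo(0xFFFF, 2)); return 0; }
```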