Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642
Vulnerable Systems:
* QuickTime Player version 7.3.1
Immune Systems:
* QuickTime Player version 7.4
The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs.
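The missing check described above, shown from the defensive side in an added example that is not code from QuickTime, Apple or iDefense. The record layout (a 4-byte big-endian length followed by the payload) and all names are assumptions made for illustration; the advisory does not give the actual header format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified record layout (not taken from the advisory):
 *   4-byte big-endian length, followed by that many bytes of payload. */
#define RES_HDR_LEN 4u

enum res_status {
    RES_OK = 0,
    RES_TRUNCATED = -1,     /* fewer bytes than a header */
    RES_LEN_OVERRUN = -2,   /* declared length exceeds bytes present */
    RES_DST_TOO_SMALL = -3  /* declared length exceeds destination */
};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copies the payload into dst only after checking the declared length
 * against both the bytes actually present and the destination capacity.
 * On RES_OK, *out_len holds the payload length. */
int res_copy_payload(const uint8_t *buf, size_t buf_len,
                     uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (buf_len < RES_HDR_LEN)
        return RES_TRUNCATED;

    uint32_t declared = read_be32(buf);
    size_t available = buf_len - RES_HDR_LEN; /* no underflow: checked above */

    /* Compare against the remaining bytes by subtraction; writing the test
     * as "RES_HDR_LEN + declared <= buf_len" can wrap in 32-bit arithmetic. */
    if (declared > available)
        return RES_LEN_OVERRUN;
    if (declared > dst_cap)
        return RES_DST_TOO_SMALL;

    memcpy(dst, buf + RES_HDR_LEN, declared);
    *out_len = declared;
    return RES_OK;
}
```

A parser that skips either comparison and passes the header's length straight to the copy is the pattern the advisory describes.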
Analysis:
Exploitation of this vulnerability allows attackers to execute arbitrary code in the context of the targeted user. In order to exploit this vulnerability, an attacker must persuade a user to open a specially crafted QuickTime movie file with QuickTime.
Vendor response:
Apple has released QuickTime 7.4 which resolves this issue. More information is available via Apple's QuickTime Security Update page at the URL: http://docs.info.apple.com/article.html?artnum=307301
CVE Information:
CVE-2008-0032
Disclosure Timeline:
09/13/2007 - Initial vendor notification
09/13/2007 - Initial vendor response
01/15/2008 - Coordinated public disclosure