Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Confidence 2013

5% Off any SANS course
Use Code: SecuriTeam_5

Hack In Paris

La Nuit du Hack

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Credit:

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Apple Quicktime

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.

Patch Availability:
Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3859

CVE Information:
CVE-2009-2799

Disclosure Timeline:
2009-07-28 - Vulnerability reported to vendor
2009-09-10 - Coordinated public release of advisory

--------------------------------------------------------------------------------------------------------------------------------
Learn how website security by scanning is reducing the risk of vulnerabilities like this.
-

blog comments powered by Disqus

	Moodle WebDav Repository Plaintext Password Disclosure Vulnerability
	QuickShare File Share Directory Traversal Vulnerability
	ELinks Security Bypass Vulnerability
	BlazeDVD PLF Exploit DEP/ASLR Bypass (MSF) Vulnerability
	Siemens SIMATIC WinCC CCEServer Crafted Packet Handling Remote Overflow DoS Vulnerability
	Qool CMS /Qoolrc2/admin/addusergroup Title Parameter XSS Vulnerability
	Oracle Java SE JVM Specification Implementation Weakness Vulnerability
	OpenFabrics ibutils Multiple File Symlink Arbitrary File Overwrite Vulnerability
	Linux Kernel llc Subsystem getsockname() Function Stack Memory Local Disclosure Vulnerability
	GroundWork Monitor Enterprise Performance Component SSI Injection Arbitrary Command Execution Vulnerability
	GroundWork Monitor Enterprise Monarch (XXE) Arbitrary File Manipulation Vulnerability
	Google Chrome Printing Handling Use-after-free Issue Vulnerability
	Google Chrome Cross-Origin HTTP Basic Authentication Prompt Blocking Brute Force Bypass Vulnerability
	Google Android Cross-Application Native Code Manipulation Privilege Escalation Vulnerability
	Draytek Vigor3900 sh draytekv3900 Command Handling Authentication Bypass Vulnerability
	Counter Per Day Plugin For WordPress Notes.php Malformed Requests Remote DoS Vulnerability
	ClipShare /siteadmin/login.php Plaintext Password Disclosure Vulnerability
	Cisco IOS Software Internet Key Exchange (IKE) Feature Memory Leak Remote DoS Vulnerability
	Bookyt Unspecified Remote Code Execution Vulnerability
	Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass Vulnerability

Featured Articles

	HP LaserJet Pro Printers Remote Data Access Vulnerability
	Mozilla Multiple Product HTML Editor Function Use-after-free Arbitrary Code Execution Vulnerability
	Exim with Dovecot Typical Misconfiguration Leads to Remote Command Execution Vulnerability
	IBM InfoSphere Information Server Unspecified Arbitrary Site Redirect Vulnerability
	Cisco Unity Express /Web/SA2/ScriptList.do gui_pagenotableData Parameter XSS Vulnerability
	Supportworks ITSM SQL Injection Vulnerability
	WirelessFiles for iPad/iPhone Multiple File Extension Upload Arbitrary Script Code Execution Vulnerability
	IBM InfoSphere Information Server Import Export Manager Path Subversion Arbitrary DLL Injection Code Execution Vulnerability
	CommentLuv Plugin for WordPress /wp-admin/admin-ajax.php _ajax_nonce Parameter XSS Vulnerability
	ownCloud Multiple Script Multiple Administrator Action CSRF Vulnerability
	IBM Multiple Product XSS Vulnerability
	TLS / DTLS Protocol CBC-Mode Ciphersuite Distinguishing Attack Information Disclosure Weakness Vulnerability
	JBoss Enterprise Application Platform / JBoss Enterprise Web Platform JMX Invoker Roll Restriction Weakness Vulnerability
	Google AD Sync Tool Exposure Of Sensitive Information Vulnerability
	VMware Multiple Product vmci.sys VMCI Control Code Handling Local Privilege Escalation Vulnerability
	Cisco Unity Express /Web/SA/SaveConfiguration.do Multiple Action CSRF Vulnerability
	AdPeeps /adpeeps_servlet.php Bannertext Parameter XSS Vulnerability
	Oracle Application Framework Diagnostic Mode Bypass Vulnerability
	Nero MediaHome NMMediaServer.dll Long Request Line Off-By-One Overflow Vulnerability
	Samba Samba Web Administration Tool (SWAT) Manipulation CSRF Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs