Apple QuickTime H.264 Nal Unit Length Heap Overflow Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

SANS Discount: SecuriTeam5_SANS

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner
Scanner Review
Fuzzer Review
Web Scanner Review

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Credit:

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Apple Quicktime

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.

Patch Availability:
Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3859

CVE Information:
CVE-2009-2799

Disclosure Timeline:
2009-07-28 - Vulnerability reported to vendor
2009-09-10 - Coordinated public release of advisory

--------------------------------------------------------------------------------------------------------------------------------
Learn how website security by scanning is reducing the risk of vulnerabilities like this.
-

blog comments powered by Disqus

	TYPO3 Content Editing Wizards Insecure Unserialize Remote File Deletion Vulnerability
	SonicWALL Multiple Products /sgms/ematStaticAlertTypes.jsp Multiple Parameter Stored XSS Vulnerability
	Sharetronix Multiple Action CSRF Vulnerability
	Red Hat JBoss Enterprise Application Platform EJB Invocation Handler Method-Level Authorization JAX-WS Handler Invocation Vulnerability
	Plone CMF CatalogTool.py Search Methods Subset API Remote Privilege Escalation Vulnerability
	OpenJPEG Tcd.c Tcd_decode_tile Function Tile Component Number Handling DoS Vulnerability
	OpenJPEG Cio.c Cio_skip() Function Out-Of-Bounds Access DoS Vulnerability
	Nagios Core Contrib/daemonchk.c Process_cgivars Function Off-By-One Read Remote DoS Vulnerability
	Linux Kernel Drivers/char/lp.c Lp_do_ioctl Function Local Integer Overflow Vulnerability
	IrfanView Japanese Folder Name Handling Buffer Overflow Vulnerability
	IBM SPSS Collaboration And Deployment Services Reflected XSS Vulnerability
	IBM INotes Ultra-Light Mode Stored XSS Vulnerability
	HP Service Manager WebTier / Windows Client Remote Code Execution Vulnerability
	FileMaster SY-IT For IOS Upload Functionality Local File Inclusion Vulnerability
	FFmpeg / Libav Libavcodec/smacker.c Smka_decode_frame Function Uninitialized Memory Issue Vulnerability
	Ditto Forensic FieldStation System Log Login Information Stored XSS Vulnerability
	Cisco Unified Communications Manager (CUCM) TFTP Service Managed Phone RRQ Operation Remote File Disclosure Vulnerability
	Cisco Adaptive Security Appliance (ASA) DNS Response Error Handling DoS Vulnerability
	BoastMachine /user.php Blog Parameter XSS Vulnerability
	Apple Safari Cross-Site Autofill Credential Disclosure Vulnerability

Featured Articles

	Red Hat JBoss Portal GateIn Portal Improper URL Escaping Multiple Reflected XSS Vulnerability
	D-Link Multiple DSR Routers /scgi-bin/platform.cgi Password Field SQL Injection Authentication Bypass Vulnerability
	Triangle Research International Internet TRiLOGI (i-TRiLOGI) Server Local Unauthorized User Creation Vulnerability
	HP Officejet Pro 8500 XSS Vulnerability
	Cisco Security Monitoring, Analysis And Response System (CS-MARS) /Query/NewQueryResult.jsp IsnowLatency Parameter XSS Vulnerability
	Barracuda SSL VPN 680Vx showAuditReports.do Multiple Parameter XSS Vulnerability
	OpenNetAdmin /ona/dcm.php options[file] Parameter Traversal Local File Inclusion Vulnerability
	Siemens WinCC (TIA Portal) HMI Panel Arbitrary Site Redirect Vulnerability
	Fortinet Multiple FortiGate Firewalls Multiple Function CSRF Vulnerability
	Cisco Identity Services Engine Request Submission CSRF Vulnerability
	Mobile Atlas Creator (MOBAC) Atlas Map Name XSS Vulnerability
	MachForm view.php File Upload Arbitrary Code Execution Vulnerability
	Alcatel-Lucent Multiple OmniTouch Products MyTeamWork Service User Bookmark XSS Vulnerability
	Siemens WinCC (TIA Portal) HMI Panel CSRF Vulnerability
	Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect Vulnerability
	GNOME file-roller fr-archive-libarchive.c extract_archive_thread() Function Crafted Archive Traversal Arbitrary File Creation Vulnerability
	Symantec Security Information Manager SQL Injection Vulnerability
	Corel PDF Fusion wintab32.dll Path Subversion Arbitrary DLL Injection Code Execution Vulnerability
	OpenX /admin/plugin-settings.php group Parameter Local File Inclusion Vulnerability
	Virtualizor Arbitrary Admin Account Creation CSRF Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs