SecuriTeam™ - Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

Black Box Testing
Vulnerability Assessment
Vulnerability Scanner

	SecuriTeam™ in Your Inbox

	E-mail this article to a friend

New vulnerability?
New tool?
Tell us

QuickTime is "Apple's media player product used to render video and other media. QuickTime VR (virtual reality) is a type of image file format supported by Apple's QuickTime. It allows the creation and viewing of photographically captured panoramas and the exploration of objects through images taken at multiple viewing angles". Remote exploitation of a heap overflow vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user.

Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620

Audit your web server for security holes - see what the hackers see.
Sign up for a scan today - risk free!

Vulnerable Systems:
* QuickTime VR extension version 7.2.0.240 as included in QuickTime Player version 7.2

Immune Systems:
* QuickTime Player version 7.3

The vulnerability specifically exists in QuickTime Player's handling of Panorama Sample atoms in QuickTime Virtual Reality movie. When processing panorama sample atoms, the size field in the atom header is not validated. QuickTime will copy the specified amount of memory to a fixed-size heap buffer, causing heap corruption.

Analysis:
Exploitation could allow attackers to execute arbitrary code in the context of the current user. To exploit this vulnerability, an attacker must persuade a user into using QuickTime to open a specially crafted QuickTime movie file. This could be accomplished by persuading the user to click a direct link to a malicious VR movie file. Additionally, this vulnerability could be exploited within a malicious web page.

Workaround:
Disabling the QuickTime plug-in for browsers can mitigate Web page attack vectors. To do this, uncheck the "Play movies automatically" setting within the QuickTime preferences Browser->Playback tab.

Vendor response:
Apple has released QuickTime 7.3 which resolves this issue. More information is available via Apple's QuickTime Security Update page at the URL shown below: http://docs.info.apple.com/article.html?artnum=306896

CVE Information:
CVE-2007-4675

Subject:		Date:
From:

	Cisco BBSM Captive Portal Cross-site Scripting
	Cisco Unified Communications Manager Denial of Service Vulnerabilities
	Novell eDirectory Unauthenticated Access to SOAP Interface
	Call of Duty Denial of Service
	Wonderware SuiteLink Denial of Service Vulnerability
	WebMod Multiple Vulnerabilities
	IAX2 Incomplete 3-Way Handshake (Spoofing)
	Multiple Vendor OpenOffice Vulnerabilities
	Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
	Cisco Network Admission Control Shared Secret Vulnerability
	ClamAV libclamav PeSpin Heap Overflow Vulnerability
	ClamAV libclamav PE WWPack Heap Overflow Vulnerability
	IBM Informix Pre-Authentication Stack Overflow
	Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
	HP OpenView NNM Buffer Overflow