|
|
|
|
| |
QuickTime is a multimedia technology developed by Apple Computer, capable of handling various formats of digital video, sound, text, animation, music, and such.
Memory overwriting, integer overflowing and denial of service vulnerabilities have been discovered in Apple's QuickTime. |
| |
Credit:
The information has been provided by Piotr Bania.
The original articles can be found at:
http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt
http://pb.specialised.info/all/adv/quicktime-mov-io1-adv.txt
http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt
http://pb.specialised.info/all/adv/quicktime-pict-adv.txt
|
| |
Vulnerable Systems:
* QuickTime version 7.0.1 for Mac OS X 10.3
* QuickTime version 7.0.1 for Mac OS X 10.4
* QuickTime version 6.5.2 for Mac OS X 10.3
* QuickTime version 6.5.2 for Mac OS X 10.2
* QuickTime versions 7* for Windows
Immune Systems:
* QuickTime version 7.0.2 for Mac OS X 10.3
* QuickTime version 7.0.2 for Mac OS X 10.4
PICT Remote Memory Overwrite:
Apple QuickTime PictureViewer is reported prone to remote memory overwrite vulnerability (exploitable via remotely originated content).
Expansion of compressed PICT data could exceed the size of the destination buffer, this cause an memory overwrite. The vulnerability may lead to remote code execution when specially crafted picture file (PICT file) is being loaded.
QuickTime Player Remote Integer Overflows:
Apple QuickTime Player is reported prone to remote integer overflow vulnerabilities (exploitable via remotely originated content).
A sign extension of an embedded "Pascal" style string could result in a very large memory copy, which lead to potential memory overwrite. The vulnerability may lead to remote code execution when specially crafted video file (MOV file) is being loaded.
Improper movie attributes could result in a very large memory copy, which lead to potencial memory overwrite. The vulnerability may lead to remote code execution when specially crafted video file (MOV file) is being loaded.
QuickTime Player Remote Denial of Service:
Apple QuickTime Player is reported prone to remote denial of service attack (exploitable via remotely originated content).
A missing movie attribute is interpreted as an extension, but the absence of the extension is not flagged as an error, resulting in a de-reference of a NULL pointer. This will cause a denial of service against any application loading remotely-originated content.
Vendor Status:
Vendor (Apple) has been noticed and released all necessary patches.
|
|
|
|
|
|
|
|
|
|
