
Thursday, July 12, 2007

[NEWS] Apple QuickTime SMIL File Processing Integer Overflow Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Apple QuickTime SMIL File Processing Integer Overflow Vulnerability
------------------------------------------------------------------------


SUMMARY

QuickTime <http://www.apple.com/quicktime/> is Apple's media player
product used to render video and other media. The Synchronized Multimedia
Integration Language (SMIL) provides a high-level scripting syntax for
describing multimedia presentations. SMIL files are text files that use
XML-based syntax to specify what media elements to present, and where and
when to present them. Remote exploitation of an integer overflow
vulnerability in Apple Computer Inc.'s QuickTime media player could allow
attackers to execute arbitrary code in the context of the targeted user.

DETAILS

Vulnerable Systems:
* QuickTime version 7.1.3
* QuickTime version 7.1.5

Immune Systems:
* QuickTime version 7.2

The vulnerability specifically exists in the QuickTime player's handling of the
title and author fields in an SMIL file. When parsing an SMIL file,
arithmetic calculations can cause insufficient memory to be allocated.
When copying in user-supplied data from the SMIL file, a heap-based buffer
overflow occurs. This results in a potentially exploitable condition.
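
The bug class described above, as an added illustration that is not QuickTime's code: the advisory does not disclose the actual arithmetic, so the 32-bit length sum, HDR_LEN and all function names below are assumptions. It contrasts a size calculation that wraps with one that rejects unrepresentable sizes before allocating and copying.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 16u  /* hypothetical fixed per-record overhead */

/* Flawed pattern: the 32-bit sum wraps modulo 2^32, so the result can be
 * far smaller than the data that is copied afterwards. */
uint32_t unchecked_size(uint32_t title_len, uint32_t author_len)
{
    return title_len + author_len + HDR_LEN;
}

/* Hardened pattern: reject any sum that cannot be represented.
 * Returns 0 and stores the size on success, -1 on overflow. */
int checked_size(uint32_t title_len, uint32_t author_len, uint32_t *out)
{
    if (title_len > UINT32_MAX - HDR_LEN)
        return -1;
    uint32_t partial = title_len + HDR_LEN;
    if (author_len > UINT32_MAX - partial)
        return -1;
    *out = partial + author_len;
    return 0;
}

/* Allocate and fill a record only when the size check passes.
 * The lengths are the measured lengths of the two input buffers. */
char *build_record(const char *title, uint32_t title_len,
                   const char *author, uint32_t author_len)
{
    uint32_t total;
    if (checked_size(title_len, author_len, &total) != 0)
        return NULL;               /* refuse instead of under-allocating */
    char *rec = calloc(1, total);
    if (rec == NULL)
        return NULL;
    memcpy(rec + HDR_LEN, title, title_len);
    memcpy(rec + HDR_LEN + title_len, author, author_len);
    return rec;
}
```

With constructed lengths 0xFFFFFFF0 and 0x20, the unchecked sum wraps to 0x20 bytes while the checked path returns an error and no allocation takes place.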

Analysis:
Exploitation could allow attackers to execute arbitrary code in the
context of the current user.

In order to exploit this vulnerability, an attacker must persuade a user
to use QuickTime to open a specially crafted SMIL file. This could be
accomplished using a malicious SMIL file referenced from a website under
the attacker's control.

Vendor response:
Apple has released QuickTime 7.2 which resolves this issue. More
information is available via Apple's QuickTime Security Update page at the
URL: <http://docs.info.apple.com/article.html?artnum=305947>


CVE Information:
CVE-2007-2394 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2394>

Disclosure Timeline:
04/02/2007 - Initial vendor notification
04/09/2007 - Initial vendor response
07/11/2007 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by David Vaartjes from ITsec Security
Services.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556>



DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
