- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
QuickTime is "Apple's media player product used to render video and other
media. QuickTime VR (virtual reality) is a type of image file format
supported by Apple's QuickTime. It allows the creation and viewing of
photographically captured panoramas and the exploration of objects through
images taken at multiple viewing angles". Remote exploitation of a heap
overflow vulnerability in Apple Inc.'s QuickTime media player could allow
attackers to execute arbitrary code in the context of the targeted user.
DETAILS
Vulnerable Systems:
* QuickTime VR extension version 7.2.0.240 as included in QuickTime
Player version 7.2
Immune Systems:
* QuickTime Player version 7.3
The vulnerability specifically exists in QuickTime Player's handling of
Panorama Sample atoms in QuickTime Virtual Reality movie. When processing
panorama sample atoms, the size field in the atom header is not validated.
QuickTime will copy the specified amount of memory to a fixed-size heap
buffer, causing heap corruption.
Analysis:
Exploitation could allow attackers to execute arbitrary code in the
context of the current user. To exploit this vulnerability, an attacker
must persuade a user into using QuickTime to open a specially crafted
QuickTime movie file. This could be accomplished by persuading the user to
click a direct link to a malicious VR movie file. Additionally, this
vulnerability could be exploited within a malicious web page.
Workaround:
Disabling the QuickTime plug-in for browsers can mitigate Web page attack
vectors. To do this, uncheck the "Play movies automatically" setting
within the QuickTime preferences Browser->Playback tab.
Vendor response:
Apple has released QuickTime 7.3 which resolves this issue. More
information is available via Apple's QuickTime Security Update page at the
URL shown below: <http://docs.info.apple.com/article.html?artnum=306896>
http://docs.info.apple.com/article.html?artnum=306896
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4675>
CVE-2007-4675
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment