Search This Blog

Thursday, January 22, 2009

[NT] Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability
------------------------------------------------------------------------


SUMMARY

A vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime via a heap corruption in the
STSD field of JPEG images. User interaction is required to exploit this
vulnerability in that the target must open a malicious file.

DETAILS

The specific flaw exists in the handling of JPEG atoms embedded in STSD
atoms within the function JPEG_DComponentDispatch(). When the image width
data in this atom is modified, a heap corruption occurs which can be
further leveraged to execute arbitrary code under the context of the
current user.

Vendor Response:
Apple has issued an update to correct this vulnerability. More details can
be found at:
<http://support.apple.com/kb/HT3403> http://support.apple.com/kb/HT3403

Disclosure Timeline:
2008-06-25 - Vulnerability reported to vendor
2009-01-21 - Coordinated public release of advisory

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0007>
CVE-2009-0007


ADDITIONAL INFORMATION

The information has been provided by <mailto:zdi-disclosures@3com.com>
Zero Day Initiative (ZDI).
The original article can be found at:
<http://www.zerodayinitiative.com/advisories/ZDI-09-008>
http://www.zerodayinitiative.com/advisories/ZDI-09-008

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)