Executive Summary

Summary
Title: Apple QuickTime heap buffer overflow vulnerability
Information
Name: VU#445083
First vendor Publication: 2007-11-14
Vendor: VU-CERT
Last vendor Modification: 2007-11-14
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Vulnerability Note VU#445083

Apple QuickTime heap buffer overflow vulnerability

Overview

Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code.

I. Description

Apple QuickTime is a media player that includes a browser plugin. Color table atoms can set a list of preferred colors for displaying movies on clients that only support 256 colors.

From Apple Article ID: 306896 "About the security content of QuickTime 7.3":

    A heap buffer overflow exists in the parsing of the color table atom when opening a movie file. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of color table atoms.

To exploit this vulnerability, an attacker would have to convince a user to open a specially crafted QuickTime movie, which could be hosted on a web page or sent in an email.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause QuickTime to crash.

III. Solution

Upgrade

Apple has addressed this issue in QuickTime 7.3.

Systems Affected

Vendor                 Status       Date Updated
Apple Computer, Inc.   Vulnerable   14-Nov-2007

References


http://docs.info.apple.com/article.html?artnum=306896
http://developer.apple.com/documentation/QuickTime/QTFF/QTFFChap2/chapter_3_section_2.html#//apple_ref/doc/uid/TP40000939-CH204-BBCBDJEB

Credit

Apple credits Ruben Santamarta of reversemode.com and Mario Ballano of 48bits.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

This document was written by Ryan Giobbi.

Other Information

Date Public: 11/05/2007
Date First Published: 11/14/2007 10:38:32 PM
Date Last Updated: 11/14/2007
CERT Advisory:
CVE Name: CVE-2007-4677
Metric: 26.27
Document Revision: 8

Original Source

Url : http://www.kb.cert.org/vuls/id/445083

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 179
Os 3
Os 1
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
38544 Apple QuickTime Movie File CTAB Handling Overflow

A remote overflow exists in Apple QuickTime Player. The media player fails to provide adequate bounds checking on the color table atom contained in a movie resulting in a heap-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Snort® IPS/IDS

Date Description
2014-01-10 Apple QuickTime color table atom heap corruption attempt
RuleID : 17608 - Revision : 7 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

Date Description
2007-11-06 Name : The remote Mac OS X host contains an application that is affected by multiple...
File : macosx_Quicktime73.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Windows host contains an application that is affected by multiple ...
File : quicktime_73.nasl - Type : ACT_GATHER_INFO