Executive Summary

Summary
Title: Apple QuickTime buffer overflow vulnerability

Information
Name: VU#690515
First vendor Publication: 2007-11-13
Vendor: VU-CERT
Last vendor Modification: 2007-11-13
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Base Score: 9.3
Attack Range: Network
CVSS Impact Score: 10
Attack Complexity: Medium
CVSS Exploit Score: 8.6
Authentication: None Required

Detail

Vulnerability Note VU#690515

Apple QuickTime buffer overflow vulnerability

Overview

Apple QuickTime contains a stack buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code.

I. Description

Apple QuickTime is a media player that includes a browser plugin. QuickTime can display PICT images.

From Apple Article ID: 306896 "About the security content of QuickTime 7.3":

    A stack buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT files. Credit to Ruben Santamarta of reversemode.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

To exploit this vulnerability, an attacker would have to convince a user to open a specially crafted PICT image, which could be hosted on a web page.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause QuickTime to crash.

III. Solution

Upgrade

Apple has addressed this issue in QuickTime 7.3.

Systems Affected

Vendor | Status | Date Updated
Apple Computer, Inc. | Vulnerable | 13-Nov-2007

References


http://docs.info.apple.com/article.html?artnum=306896
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html

Credit

Apple credits Ruben Santamarta of reversemode.com and TippingPoint for reporting this issue.

This document was written by Ryan Giobbi.

Other Information

Date Public: 11/05/2007
Date First Published: 11/13/2007 11:30:09 AM
Date Last Updated: 11/13/2007
CERT Advisory:
CVE Name: CVE-2007-4676
Metric: 19.15
Document Revision: 2

Original Source

URL: http://www.kb.cert.org/vuls/id/690515

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 179
Os 3
Os 1
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
38546 Apple QuickTime PICT Image Handling Multiple Element Parsing Overflow

Snort® IPS/IDS

Date Description
2014-11-16 Apple QuickTime pict image poly structure memory corruption attempt
RuleID : 31309 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-11-16 Apple QuickTime pict image poly structure memory corruption attempt
RuleID : 31308 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-02-21 Apple QuickTime pict image poly structure memory corruption attempt
RuleID : 29436 - Revision : 3 - Type : FILE-MULTIMEDIA
2014-02-21 Apple QuickTime pict image poly structure memory corruption attempt
RuleID : 29435 - Revision : 3 - Type : FILE-MULTIMEDIA
2014-01-10 Apple QuickTime pict image poly structure memory corruption attempt
RuleID : 26472 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Apple QuickTime pict image poly structure memory corruption attempt
RuleID : 15384 - Revision : 15 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

Date Description
2007-11-06 Name : The remote Mac OS X host contains an application that is affected by multiple...
File : macosx_Quicktime73.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Windows host contains an application that is affected by multiple ...
File : quicktime_73.nasl - Type : ACT_GATHER_INFO