ID

VAR-200704-0420


CVE

CVE-2007-2296


TITLE

Apple QuickTime fails to properly handle malformed movie files

Trust: 0.8

sources: CERT/CC: VU#582681

DESCRIPTION

Integer overflow in the FlipFileTypeAtom_BtoN function in Apple QuickTime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file. Apple QuickTime fails to properly handle malformed movie files. Failed exploit attempts likely result in denial-of-service conditions.

Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. A vulnerability exists in QuickTime's handling of MP4 files containing malformed data. Attackers may exploit this vulnerability to gain control of users' machines by tricking them into processing malicious MP4 files. The debugging information is as follows:

    Reason: KERN_PROTECTION_FAILURE at address: 0x00458000
    0x9431cc63 in FlipFileTypeAtom_BtoN ()
    (gdb) bt
    #0 0x9431cc63 in FlipFileTypeAtom_BtoN ()
    #1 0x9431c208 in PrivateNewMovieFromDataFork_priv ()
    #2 0x9431b04a in NewMovieFromFilePriv ()
    #3 0x943177d5 in NewMovieFromDataRefPriv_priv ()
    #4 0x943164b2 in NewMovieFromProperties_priv ()
    #5 0x95a24920 in -[QTMovie initWithAttributes:error:] ()
    #6 0x95a22f31 in +[QTMovie movieWithAttributes:error:] ()
    #7 0x0000adb7 in -[QTPMovieDocument:File]Type readFrom:.
----------------------------------------------------------------------

TITLE: Apple QuickTime Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26034

VERIFY ADVISORY: http://secunia.com/advisories/26034/

CRITICAL: Highly critical

IMPACT: Exposure of sensitive information, DoS, System access

WHERE: From remote

REVISION: 1.1 originally posted 2007-07-12

SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/

DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error exists in the processing of H.264 movies. This can be exploited to cause memory corruption and may allow execution of arbitrary code when a user accesses a specially crafted H.264 movie.

2) An unspecified error exists in the processing of movie files.

4) An integer overflow error exists in the handling of the "author" and "title" fields when parsing SMIL files.

5) A design error exists in QuickTime for Java, which can be exploited to disable security checks and execute arbitrary code when a user visits a web site containing a specially crafted Java applet.

6) A design error exists in QuickTime for Java, which can be exploited to bypass security checks and read and write to process memory. This can lead to execution of arbitrary code when a user visits a web site containing a specially crafted Java applet.

7) A design error exists in QuickTime for Java due to JDirect exposing interfaces that may allow loading arbitrary libraries and freeing arbitrary memory.

8) A design error exists in QuickTime for Java, which can be exploited to capture the user's screen content when a user visits a web site containing a specially crafted Java applet.

The vulnerabilities are reported in versions prior to 7.2.

SOLUTION: Update to version 7.2.
QuickTime 7.2 for Mac: http://www.apple.com/support/downloads/quicktime72formac.html

QuickTime 7.2 for Windows: http://www.apple.com/support/downloads/quicktime72forwindows.html

PROVIDED AND/OR DISCOVERED BY:

1) The vendor credits Tom Ferris, Security-Protocols.com and Matt Slot, Ambrosia Software, Inc.

2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.

3) The vendor credits Tom Ferris, Security-Protocols.com.

4) David Vaartjes of ITsec Security Services, reported via iDefense.

5, 6, 7) The vendor credits Adam Gowdiak.

8) Reported by the vendor.

CHANGELOG: 2007-07-12: Added link to US-CERT.

ORIGINAL ADVISORY:

Apple: http://docs.info.apple.com/article.html?artnum=305947

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556

OTHER REFERENCES:

US-CERT VU#582681: http://www.kb.cert.org/vuls/id/582681

----------------------------------------------------------------------
National Cyber Alert System

Technical Cyber Security Alert TA07-193A

Apple Releases Security Updates for QuickTime

Original release date: July 12, 2007
Last revised: --
Source: US-CERT

Systems Affected

Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows

Overview

Apple QuickTime contains multiple vulnerabilities.

I. Description

Apple QuickTime 7.2 resolves multiple vulnerabilities in the way Java applets and various types of media files are handled. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page. Note that QuickTime ships with Apple iTunes. For more information, please refer to the Vulnerability Notes Database.

II. For further information, please see the Vulnerability Notes Database.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.2. This and other updates for Mac OS X are available via Apple Update. On Microsoft Windows, QuickTime users can install the update by using the built-in auto-update mechanism, Apple Software Update, or by installing the update manually.

Disabling QuickTime in your web browser may defend against this attack vector. For more information, refer to the Securing Your Web Browser document.

Disabling Java in your web browser may defend against this attack vector. Instructions for disabling Java can be found in the Securing Your Web Browser document.
References

* Vulnerability Notes for QuickTime 7.2 - <http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update - <http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available - <http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows - <http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac - <http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player - <http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-193A.html>

Produced 2007 by US-CERT, a government organization.
Revision History

Thursday July 12, 2007: Initial release

Trust: 2.88

sources: NVD: CVE-2007-2296 // CERT/CC: VU#582681 // JVNDB: JVNDB-2007-000521 // BID: 23652 // VULHUB: VHN-25658 // PACKETSTORM: 57697 // PACKETSTORM: 57713

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: eq, version: 7.1.1

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.1.2

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.1

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.1.4

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.1.5

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.1.3

Trust: 1.6

vendor: apple computer, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: quicktime, scope: lt, version: version

Trust: 0.8

vendor: apple, model: quicktime, scope: eq, version: 7.2

Trust: 0.8

vendor: apple, model: quicktime player, scope: eq, version: 7.1.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.3

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: ne, version: 7.2

Trust: 0.3

sources: CERT/CC: VU#582681 // BID: 23652 // JVNDB: JVNDB-2007-000521 // CNNVD: CNNVD-200704-552 // NVD: CVE-2007-2296

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2296
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#582681
value: 8.66

Trust: 0.8

NVD: CVE-2007-2296
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200704-552
value: CRITICAL

Trust: 0.6

VULHUB: VHN-25658
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2296
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25658
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#582681 // VULHUB: VHN-25658 // JVNDB: JVNDB-2007-000521 // CNNVD: CNNVD-200704-552 // NVD: CVE-2007-2296

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-25658 // JVNDB: JVNDB-2007-000521 // NVD: CVE-2007-2296

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 57713 // CNNVD: CNNVD-200704-552

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200704-552

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000521

PATCH

title: QuickTime 7.2 for Mac
url: http://www.apple.com/support/downloads/quicktime72formac.html

Trust: 0.8

title: QuickTime 7.2 for Windows
url: http://www.apple.com/support/downloads/quicktime72forwindows.html

Trust: 0.8

title: About the security content of QuickTime 7.2
url: http://docs.info.apple.com/article.html?artnum=305947-en

Trust: 0.8

title: About the security content of QuickTime 7.2
url: http://docs.info.apple.com/article.html?artnum=305947-ja

Trust: 0.8

title: アップル - QuickTime
url: http://www.apple.com/jp/quicktime/download/win.html

Trust: 0.8

title: QuickTime 7.2 for Windows
url: http://www.apple.com/jp/ftp-info/reference/quicktime72forwindows.html

Trust: 0.8

title: QuickTime 7.2 for Mac
url: http://www.apple.com/jp/ftp-info/reference/quicktime72formac.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-000521

EXTERNAL IDS

db: BID, id: 23652

Trust: 2.8

db: NVD, id: CVE-2007-2296

Trust: 2.8

db: SECUNIA, id: 26034

Trust: 2.7

db: USCERT, id: TA07-193A

Trust: 2.6

db: SECTRACK, id: 1017967

Trust: 2.5

db: SECTRACK, id: 1018373

Trust: 1.7

db: VUPEN, id: ADV-2007-2510

Trust: 1.7

db: OSVDB, id: 35578

Trust: 1.7

db: CERT/CC, id: VU#582681

Trust: 0.9

db: USCERT, id: SA07-193A

Trust: 0.8

db: JVNDB, id: JVNDB-2007-000521

Trust: 0.8

db: XF, id: 34069

Trust: 0.6

db: APPLE, id: APPLE-SA-2007-07-11

Trust: 0.6

db: CERT/CC, id: TA07-193A

Trust: 0.6

db: CNNVD, id: CNNVD-200704-552

Trust: 0.6

db: VULHUB, id: VHN-25658

Trust: 0.1

db: PACKETSTORM, id: 57697

Trust: 0.1

db: PACKETSTORM, id: 57713

Trust: 0.1

sources: CERT/CC: VU#582681 // VULHUB: VHN-25658 // BID: 23652 // JVNDB: JVNDB-2007-000521 // PACKETSTORM: 57697 // PACKETSTORM: 57713 // CNNVD: CNNVD-200704-552 // NVD: CVE-2007-2296

REFERENCES

url:http://www.securityfocus.com/bid/23652

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta07-193a.html

Trust: 2.5

url:http://www.securitytracker.com/id?1017967

Trust: 2.5

url:http://secunia.com/advisories/26034

Trust: 2.5

url:http://security-protocols.com/sp-x46-advisory.php

Trust: 2.0

url:http://docs.info.apple.com/article.html?artnum=305947

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2007/jul/msg00001.html

Trust: 1.7

url:http://www.osvdb.org/35578

Trust: 1.7

url:http://www.securitytracker.com/id?1018373

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/2510

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/2510

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34069

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2296

Trust: 0.8

url:http://jvn.jp/cert/jvnta07-193a/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta07-193a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2296

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa07-193a.html

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/34069

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/5090/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/582681

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime72formac.html

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/26034/

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime72forwindows.html

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=304263

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta07-193a.html

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=305947

Trust: 0.1

url:http://www.apple.com/quicktime/download/standalone.html

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime72formac.html

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime72forwindows.html

Trust: 0.1

url:http://www.us-cert.gov/legal.html

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=106704

Trust: 0.1

url:http://www.us-cert.gov/cas/signup.html

Trust: 0.1

url:http://www.kb.cert.org/vuls/byid?searchview&query=quicktime_72

Trust: 0.1

url:http://www.us-cert.gov/reading_room/securing_browser/

Trust: 0.1

sources: CERT/CC: VU#582681 // VULHUB: VHN-25658 // BID: 23652 // JVNDB: JVNDB-2007-000521 // PACKETSTORM: 57697 // PACKETSTORM: 57713 // CNNVD: CNNVD-200704-552 // NVD: CVE-2007-2296

CREDITS

Tom Ferris, tommy@security-protocols.com

Trust: 0.6

sources: CNNVD: CNNVD-200704-552

SOURCES

db: CERT/CC, id: VU#582681
db: VULHUB, id: VHN-25658
db: BID, id: 23652
db: JVNDB, id: JVNDB-2007-000521
db: PACKETSTORM, id: 57697
db: PACKETSTORM, id: 57713
db: CNNVD, id: CNNVD-200704-552
db: NVD, id: CVE-2007-2296

LAST UPDATE DATE

2025-04-10T20:41:59.560000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#582681, date: 2007-07-13T00:00:00
db: VULHUB, id: VHN-25658, date: 2017-07-29T00:00:00
db: BID, id: 23652, date: 2007-07-12T04:27:00
db: JVNDB, id: JVNDB-2007-000521, date: 2007-07-24T00:00:00
db: CNNVD, id: CNNVD-200704-552, date: 2007-04-27T00:00:00
db: NVD, id: CVE-2007-2296, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CERT/CC, id: VU#582681, date: 2007-07-12T00:00:00
db: VULHUB, id: VHN-25658, date: 2007-04-26T00:00:00
db: BID, id: 23652, date: 2007-04-25T00:00:00
db: JVNDB, id: JVNDB-2007-000521, date: 2007-07-24T00:00:00
db: PACKETSTORM, id: 57697, date: 2007-07-13T00:55:11
db: PACKETSTORM, id: 57713, date: 2007-07-13T01:43:24
db: CNNVD, id: CNNVD-200704-552, date: 2007-04-26T00:00:00
db: NVD, id: CVE-2007-2296, date: 2007-04-26T20:19:00