ID

VAR-200711-0301

CVE

CVE-2007-4674

TITLE

Apple QuickTime Video file processing stack-based buffer overflow vulnerability

DESCRIPTION

An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow. Apple QuickTime is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. The issue also affects Apple TV 1.0 up to and including 2.1. The specific flaw exists within the parsing of a malformed movie atom. Specifying a large size will result in a stack overflow. -- Vendor Response: Apple has issued an update to correct this vulnerability. 1) An error in the processing of movie atoms can be exploited to cause a stack-based buffer overflow. For more information see vulnerability #8 in: SA27523 2) An error in the processing of STSZ atoms can be exploited to corrupt memory. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Cody Pierce, TippingPoint DVLabs 2) Reported by an anonymous person via ZDI. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-310A Apple QuickTime Updates for Multiple Vulnerabilities Original release date: November 06, 2007 Last revised: -- Source: US-CERT Systems Affected Vulnerabilities in Apple QuickTime affect * Apple Mac OS X * Microsoft Windows Overview Apple QuickTime contains multiple vulnerabilities. I. Description Apple QuickTime 7.3 resolves multiple vulnerabilities in the way different types of image and media files are handled. Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable. II. For further information, please see About the security content of QuickTime 7.3. III. Solution Upgrade QuickTime Upgrade to QuickTime 7.3. This and other updates for Mac OS X are available via Apple Update. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. References * About the security content of the QuickTime 7.3 Update - <http://docs.info.apple.com/article.html?artnum=306896> * How to tell if Software Update for Windows is working correctly when no updates are available - <http://docs.info.apple.com/article.html?artnum=304263> * Apple QuickTime Download - <http://www.apple.com/quicktime/download/> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-310A.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History November 6, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRzD0F/RFkHkM87XOAQLSVwf+LsCvcentaE5ATCISYhYd31ionkGNS9cn LeBC+yCyR330ztfQ9iBphoxxp+fYKpa/RRfnFHqJlv80HYYOiJvnunCdOY5IAbo5 ZyS2vou/ArW5WzJqk9Yq+31hClKQOIoLf/+NcUc7iKkfSBUC8/RsspascX31a1U+ dMF217Q/i9imjMhHr+PXZagRT1naUo8ygeDZ+94Vq+3XUB6qZb6rux8vFdVX3nEY yvg02JJTVpHy14Nk0KXfXwEq2Hc9uNTa/KwKknJMVqzev4eCAn+/wb424JxoKhqG lthnzMr/US4Q0NLKpFStcNyETEiKgM9RuZ4v6OWc+nJKVe+QwrDYhQ== =9WUY -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Gentoo update for win32codecs SECUNIA ADVISORY ID: SA29182 VERIFY ADVISORY: http://secunia.com/advisories/29182/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for win32codecs. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA21893 SA27523 SA27755 SOLUTION: Update to "media-libs/win32codecs-20071007-r2" or later. Note: This update removes the affected binary Quicktime library. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200803-08.xml OTHER REFERENCES: SA21893: http://secunia.com/advisories/21893/ SA27523: http://secunia.com/advisories/27523/ SA27755: http://secunia.com/advisories/27755/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ========== Win32 binary codecs provide support for video and audio playback. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/win32codecs < 20071007-r2 >= 20071007-r2 Description =========== Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Workaround ========== There is no known workaround at this time. Resolution ========== All Win32 binary codecs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2" Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback. References ========== [ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

digital error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Cody Pierce of TippingPoint DVLabs is credited with the discovery of this vulnerability.

SOURCES

LAST UPDATE DATE

2025-04-10T22:42:32.521000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE