ID

VAR-200801-0212


CVE

CVE-2008-0234


TITLE

Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability

Trust: 0.8

sources: CERT/CC: VU#112179

DESCRIPTION

Buffer overflow in Apple QuickTime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. The Windows and Mac editions of QuickTime are affected by this vulnerability. Systems with software that uses QuickTime installed, such as iTunes, are also affected. In addition, verification code that exploits this vulnerability has already been published. On 2008/01/16 Apple released QuickTime 7.4, but testing based on the verification code for this issue confirmed the same access violation that occurred in QuickTime 7.3. Care must be taken until a formal measure is released on this matter. If a user connects, through web page content or a QuickTime media link file, to an RTSP stream crafted by a remote third party, arbitrary code execution or a denial-of-service (DoS) attack may result. Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. NOTE: Additional information from the reporter indicates this issue affects QuickTime running on the following platforms: Microsoft Windows XP, Windows Vista, and Apple Mac OS X. Apple QuickTime is multimedia playback software developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more. If the user follows the rtsp:// connection and the server's port 554 is closed, QuickTime will automatically change the transmission method and try the HTTP protocol on port 80, and the LCD-style display will show the server's 404 error message.
----------------------------------------------------------------------

TITLE: Apple TV Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA31034

VERIFY ADVISORY: http://secunia.com/advisories/31034/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

OPERATING SYSTEM: Apple TV 2.x http://secunia.com/product/19289/

DESCRIPTION: Some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people to compromise a vulnerable system.

1) A boundary error in the handling of data reference atoms in movie files can be exploited to cause a buffer overflow. For more information see vulnerability #3 in: SA29650

2) A boundary error in the handling of "crgn" atoms in movie files can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #5 in: SA29650

3) A boundary error in the handling of "chan" atoms in movie files can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #6 in: SA29650

4) An error in the handling of "file:" URLs can be exploited to e.g. execute arbitrary programs. For more information: SA28423

6) A boundary error when processing compressed PICT images can be exploited to cause a buffer overflow. For more information see vulnerability #4 in: SA28502

SOLUTION: Update to version 2.1.

PROVIDED AND/OR DISCOVERED BY:
1,6) Chris Ries of Carnegie Mellon University Computing Services.
2) Sanbin Li, reporting via ZDI.
3) An anonymous researcher, reporting via ZDI.
4) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
5) Luigi Auriemma

ORIGINAL ADVISORY: http://support.apple.com/kb/HT2304

OTHER REFERENCES:
SA28423: http://secunia.com/advisories/28423/
SA28502: http://secunia.com/advisories/28502/
SA29293: http://secunia.com/advisories/29293/
SA29650: http://secunia.com/advisories/29650/

----------------------------------------------------------------------

sending a specially crafted reply containing an overly-long "Reason-Phrase". Successful exploitation may allow execution of arbitrary code, but requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

SOLUTION: Do not browse untrusted websites, open malicious .QTL files, or follow untrusted links

Trust: 2.88

sources: NVD: CVE-2008-0234 // CERT/CC: VU#112179 // JVNDB: JVNDB-2008-001017 // BID: 27225 // VULHUB: VHN-30359 // PACKETSTORM: 68131 // PACKETSTORM: 62662

AFFECTED PRODUCTS

vendor:apple model:quicktime scope:eq version:7.4

Trust: 1.6

vendor:apple model:quicktime scope:eq version:7.3.1.70

Trust: 1.6

vendor:apple computer model: - scope: - version: -

Trust: 0.8

vendor:apple model:tv scope:lt version:2.1

Trust: 0.8

vendor:apple model:quicktime scope:lte version:4.0 from 7.4

Trust: 0.8

vendor:apple model:tv scope:eq version:2.0

Trust: 0.3

vendor:apple model:tv scope:eq version:1.1

Trust: 0.3

vendor:apple model:tv scope:eq version:1.0

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.3.1.70

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.3.1

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.1.6

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.1.5

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.1.4

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.1.3

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.1.2

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.1.1

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.0.4

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.0.3

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.0.2

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.0.1

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.0

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.4

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.3

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.2

Trust: 0.3

vendor:apple model:quicktime player scope:eq version:7.1

Trust: 0.3

vendor:apple model:tv scope:ne version:2.1

Trust: 0.3

vendor:apple model:quicktime player scope:ne version:7.4.1

Trust: 0.3

sources: CERT/CC: VU#112179 // BID: 27225 // JVNDB: JVNDB-2008-001017 // CNNVD: CNNVD-200801-182 // NVD: CVE-2008-0234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0234
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#112179
value: 13.47

Trust: 0.8

NVD: CVE-2008-0234
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200801-182
value: CRITICAL

Trust: 0.6

VULHUB: VHN-30359
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-0234
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2008-0234
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-30359
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#112179 // VULHUB: VHN-30359 // JVNDB: JVNDB-2008-001017 // CNNVD: CNNVD-200801-182 // NVD: CVE-2008-0234

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-30359 // JVNDB: JVNDB-2008-001017 // NVD: CVE-2008-0234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-182

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200801-182

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001017

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-30359

PATCH

title:QuickTime - Download url:http://www.apple.com/jp/quicktime/download/

Trust: 0.8

title:QuickTime 7.4.1 url:http://docs.info.apple.com/article.html?artnum=307407-en

Trust: 0.8

title:Apple TV 2.1 url:http://support.apple.com/kb/HT2304

Trust: 0.8

title:Apple TV 2.1 url:http://support.apple.com/kb/HT2304?locale=ja_JP

Trust: 0.8

title:QuickTime 7.4.1 url:http://docs.info.apple.com/article.html?artnum=307407

Trust: 0.8

sources: JVNDB: JVNDB-2008-001017

EXTERNAL IDS

db:CERT/CC id:VU#112179

Trust: 3.7

db:SECUNIA id:28423

Trust: 3.5

db:BID id:27225

Trust: 2.8

db:NVD id:CVE-2008-0234

Trust: 2.8

db:EXPLOIT-DB id:4906

Trust: 2.5

db:EXPLOIT-DB id:4885

Trust: 2.5

db:SECTRACK id:1019178

Trust: 2.5

db:SECUNIA id:31034

Trust: 1.8

db:VUPEN id:ADV-2008-2064

Trust: 1.7

db:VUPEN id:ADV-2008-0107

Trust: 1.7

db:SREASON id:3537

Trust: 1.7

db:XF id:39601

Trust: 1.4

db:JVNDB id:JVNDB-2008-001017

Trust: 0.8

db:CNNVD id:CNNVD-200801-182

Trust: 0.7

db:MILW0RM id:4885

Trust: 0.6

db:MILW0RM id:4906

Trust: 0.6

db:BUGTRAQ id:20080111 RE: RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70

Trust: 0.6

db:BUGTRAQ id:20080110 RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70

Trust: 0.6

db:BUGTRAQ id:20080114 RE: [FULL-DISCLOSURE] BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70

Trust: 0.6

db:BUGTRAQ id:20080112 RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70

Trust: 0.6

db:BUGTRAQ id:20080112 RE: RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70

Trust: 0.6

db:BUGTRAQ id:20080110 BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70

Trust: 0.6

db:BUGTRAQ id:20080111 RE: BUFFER-OVERFLOW IN QUICKTIME PLAYER 7.3.1.70

Trust: 0.6

db:APPLE id:APPLE-SA-2008-07-10

Trust: 0.6

db:APPLE id:APPLE-SA-2008-02-06

Trust: 0.6

db:NSFOCUS id:11373

Trust: 0.6

db:SEEBUG id:SSVID-65116

Trust: 0.1

db:VULHUB id:VHN-30359

Trust: 0.1

db:PACKETSTORM id:68131

Trust: 0.1

db:PACKETSTORM id:62662

Trust: 0.1

sources: CERT/CC: VU#112179 // VULHUB: VHN-30359 // BID: 27225 // JVNDB: JVNDB-2008-001017 // PACKETSTORM: 68131 // PACKETSTORM: 62662 // CNNVD: CNNVD-200801-182 // NVD: CVE-2008-0234

REFERENCES

url:http://www.kb.cert.org/vuls/id/112179

Trust: 2.9

url:http://www.securityfocus.com/bid/27225

Trust: 2.5

url:http://secunia.com/advisories/28423/

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2008/feb/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008//jul/msg00000.html

Trust: 1.7

url:http://www.securitytracker.com/id?1019178

Trust: 1.7

url:http://secunia.com/advisories/28423

Trust: 1.7

url:http://secunia.com/advisories/31034

Trust: 1.7

url:http://securityreason.com/securityalert/3537

Trust: 1.7

url:http://www.milw0rm.com/exploits/4885

Trust: 1.4

url:http://www.milw0rm.com/exploits/4906

Trust: 1.4

url:http://www.frsirt.com/english/advisories/2008/0107

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/39601

Trust: 1.4

url:http://docs.info.apple.com/article.html?artnum=307407

Trust: 1.1

url:http://www.securityfocus.com/archive/1/486091/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/486114/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/486174/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/486161/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/486268/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/486241/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/486238/100/0/threaded

Trust: 1.1

url:https://www.exploit-db.com/exploits/4885

Trust: 1.1

url:https://www.exploit-db.com/exploits/4906

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/0107

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/2064/references

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39601

Trust: 1.1

url:http://tools.ietf.org/html/rfc2326

Trust: 0.8

url:http://noscript.net/features#contentblocking

Trust: 0.8

url:http://www.us-cert.gov/reading_room/securing_browser/

Trust: 0.8

url:http://plugindoc.mozdev.org/faqs/uninstall.html

Trust: 0.8

url:http://support.microsoft.com/kb/240797

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0234

Trust: 0.8

url:http://jvn.jp/cert/jvnvu%23112179/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0234

Trust: 0.8

url:http://securitytracker.com/id?1019178

Trust: 0.8

url:http://www.cyberpolice.go.jp/important/2008/20080207_164356.html

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/2064/references

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486268/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486241/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486238/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486174/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486161/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486114/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486091/100/0/threaded

Trust: 0.6

url:http://www.nsfocus.net/vulndb/11373

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:/archive/1/486091

Trust: 0.3

url:/archive/1/486238

Trust: 0.3

url:/archive/1/486186

Trust: 0.3

url:/archive/1/486114

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/31034/

Trust: 0.1

url:http://secunia.com/advisories/28502/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://support.apple.com/kb/ht2304

Trust: 0.1

url:http://secunia.com/product/19289/

Trust: 0.1

url:http://secunia.com/advisories/29293/

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://corporate.secunia.com/about_secunia/64/

Trust: 0.1

url:http://secunia.com/advisories/29650/

Trust: 0.1

url:http://secunia.com/product/5090/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://aluigi.altervista.org/adv/quicktimebof-adv.txt

Trust: 0.1

sources: CERT/CC: VU#112179 // VULHUB: VHN-30359 // BID: 27225 // JVNDB: JVNDB-2008-001017 // PACKETSTORM: 68131 // PACKETSTORM: 62662 // CNNVD: CNNVD-200801-182 // NVD: CVE-2008-0234

CREDITS

Luigi Auriemma aluigi@pivx.com

Trust: 0.6

sources: CNNVD: CNNVD-200801-182

SOURCES

db:CERT/CC id:VU#112179
db:VULHUB id:VHN-30359
db:BID id:27225
db:JVNDB id:JVNDB-2008-001017
db:PACKETSTORM id:68131
db:PACKETSTORM id:62662
db:CNNVD id:CNNVD-200801-182
db:NVD id:CVE-2008-0234

LAST UPDATE DATE

2025-04-10T22:57:06.114000+00:00


SOURCES UPDATE DATE

db:CERT/CC id:VU#112179 date:2008-02-07T00:00:00
db:VULHUB id:VHN-30359 date:2018-10-15T00:00:00
db:BID id:27225 date:2008-07-10T19:19:00
db:JVNDB id:JVNDB-2008-001017 date:2008-07-28T00:00:00
db:CNNVD id:CNNVD-200801-182 date:2009-02-26T00:00:00
db:NVD id:CVE-2008-0234 date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:CERT/CC id:VU#112179 date:2008-01-10T00:00:00
db:VULHUB id:VHN-30359 date:2008-01-11T00:00:00
db:BID id:27225 date:2008-01-10T00:00:00
db:JVNDB id:JVNDB-2008-001017 date:2008-01-25T00:00:00
db:PACKETSTORM id:68131 date:2008-07-11T22:41:13
db:PACKETSTORM id:62662 date:2008-01-16T05:28:37
db:CNNVD id:CNNVD-200801-182 date:2008-01-11T00:00:00
db:NVD id:CVE-2008-0234 date:2008-01-11T02:46:00