ID

VAR-200906-0034

CVE

CVE-2009-0185

TITLE

Apple QuickTime In MS ADPCM Buffer overflow vulnerability in processing of encoded audio data

DESCRIPTION

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. Apple QuickTime is prone to a heap-based buffer-overflow vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially AVI crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. Versions of QuickTime prior to 7.6.2 have multiple security vulnerabilities that allow users to cause a denial of service or completely compromise a user's system through malformed media files. ====================================================================== Secunia Research 02/06/2009 - Apple QuickTime MS ADPCM Encoding Buffer Overflow - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software * Apple QuickTime version 7.6 NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Highly critical Impact: System access Where: Remote ====================================================================== 3) Vendor's Description of Software "Whether you are creating content for delivery on cell phones, broadcast or the Internet, or a software developer looking to take your application to the next level, QuickTime provides the most comprehensive platform in the industry." Product Link: http://www.apple.com/quicktime/ ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the processing of MS ADPCM encoded audio data. ====================================================================== 5) Solution Update to version 7.6.2. ====================================================================== 6) Time Table 04/02/2009 - Vendor notified. 05/02/2009 - Vendor response. 25/05/2009 - Status update requested. 26/05/2009 - Vendor provides status update. 02/06/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Alin Rad Pop, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-0185 for the vulnerability. Apple: http://support.apple.com/kb/HT3591 ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-6/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== . ---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Apple QuickTime PICT Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA35091 VERIFY ADVISORY: http://secunia.com/advisories/35091/ DESCRIPTION: A vulnerability has been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system The vulnerability is caused due to an error in the processing of "0x77" tags within PICT images, which can be exploited to cause a heap-based buffer overflow when the user opens a specially crafted PICT image or visits a malicious web site. This is related to vulnerability #30 in: SA35074 SOLUTION: Do not browse untrusted web sites. Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Damian Put and Sebastian Apelt, reported via ZDI. ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-09-021/ OTHER REFERENCES: SA35074: http://secunia.com/advisories/35074/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Charlie Miller Damian Put※ pucik@cc-team.org

SOURCES

LAST UPDATE DATE

2025-04-10T21:29:22.930000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE