ID

VAR-200911-0266


CVE

CVE-2009-2837


TITLE

Buffer overflow vulnerability in QuickDraw Manager of Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2009-002340

DESCRIPTION

Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

Apple Mac OS X is prone to a remote code-execution vulnerability that affects the QuickDraw Manager. Successfully exploiting this issue may allow attackers to execute arbitrary code and compromise the affected computer. Failed exploit attempts will likely result in a denial-of-service condition. NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

VUPEN Security Research - Apple Quicktime PICT Handling Heap Overflow Vulnerability

http://www.vupen.com/english/research.php

I. BACKGROUND
---------------------

"Apple QuickTime is software that allows Mac and Windows users to play back audio and video on their computers. But taking a deeper look, QuickTime is many things: a file format, an environment for media authoring and a suite of applications" from Apple.com

II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a vulnerability in Apple Quicktime.

III. AFFECTED PRODUCTS
--------------------------------

Apple QuickTime versions prior to 7.6.6

IV. Exploits - PoCs & Binary Analysis
----------------------------------------

In-depth binary analysis of the vulnerability and an exploit code have been released by VUPEN through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/exploits

V. SOLUTION
----------------

Upgrade to Apple QuickTime version 7.6.6 :

http://www.apple.com/quicktime/download/

VI. CREDIT
--------------

The vulnerability was discovered by Nicolas Joly of VUPEN Security

VII. ABOUT VUPEN Security
---------------------------------

VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. Governmental and federal agencies, and global enterprises in the financial services, insurance, manufacturing and technology industries rely on VUPEN to improve their security, prioritize resources, cut time and costs, and stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services
* VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits

VIII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2010/0746
http://support.apple.com/kb/HT4104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2837

IX. DISCLOSURE TIMELINE
-----------------------------------

2009-05-28 - Vendor notified
2009-05-28 - Vendor response
2009-07-18 - Status update received
2009-10-30 - Status update received
2010-01-07 - Status update received
2010-03-11 - Status update received
2010-03-31 - Coordinated public Disclosure

Trust: 2.34

sources: NVD: CVE-2009-2837 // JVNDB: JVNDB-2009-002340 // BID: 36956 // BID: 36985 // VULHUB: VHN-40283 // PACKETSTORM: 87926

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.6.1

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.5.8

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.6

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.6

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.6.1

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.6

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.6.1

Trust: 0.8

vendor: apple, model: quicktime, scope: lt, version: 7.6.6

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: x10.6.1

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.8

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.7

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.6

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.5

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.4

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.3

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.2

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5.1

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.5

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.6.1

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.8

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.7

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.6

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.5

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.4

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.3

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.2

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5.1

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.6

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.5

Trust: 0.6

vendor: apple, model: mac os server, scope: ne, version: x10.6.2

Trust: 0.6

vendor: apple, model: mac os, scope: ne, version: x10.6.2

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6

Trust: 0.3

vendor: apple, model: quicktime player, scope: ne, version: 7.6.6

Trust: 0.3

sources: BID: 36956 // BID: 36985 // JVNDB: JVNDB-2009-002340 // CNNVD: CNNVD-200911-112 // NVD: CVE-2009-2837

CVSS

SEVERITY

nvd@nist.gov: CVE-2009-2837
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2837
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200911-112
value: MEDIUM

Trust: 0.6

VULHUB: VHN-40283
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2009-2837
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40283
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40283 // JVNDB: JVNDB-2009-002340 // CNNVD: CNNVD-200911-112 // NVD: CVE-2009-2837

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-40283 // JVNDB: JVNDB-2009-002340 // NVD: CVE-2009-2837

THREAT TYPE

network

Trust: 0.6

sources: BID: 36956 // BID: 36985

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200911-112

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002340

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-40283

PATCH

title: HT3937, url: http://support.apple.com/kb/HT3937

Trust: 0.8

title: HT4104, url: http://support.apple.com/kb/HT4104

Trust: 0.8

title: HT4104, url: http://support.apple.com/kb/HT4104?viewlocale=ja_JP

Trust: 0.8

title: HT3937, url: http://support.apple.com/kb/HT3937?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2009-002340

EXTERNAL IDS

db: NVD, id: CVE-2009-2837

Trust: 2.9

db: VUPEN, id: ADV-2009-3184

Trust: 2.5

db: BID, id: 36956

Trust: 2.0

db: JVNDB, id: JVNDB-2009-002340

Trust: 0.8

db: CNNVD, id: CNNVD-200911-112

Trust: 0.7

db: APPLE, id: APPLE-SA-2009-11-09-1

Trust: 0.6

db: BID, id: 36985

Trust: 0.4

db: PACKETSTORM, id: 87926

Trust: 0.2

db: VULHUB, id: VHN-40283

Trust: 0.1

db: VUPEN, id: ADV-2010-0746

Trust: 0.1

sources: VULHUB: VHN-40283 // BID: 36956 // BID: 36985 // JVNDB: JVNDB-2009-002340 // PACKETSTORM: 87926 // CNNVD: CNNVD-200911-112 // NVD: CVE-2009-2837

REFERENCES

url:http://www.vupen.com/english/advisories/2009/3184

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/36956

Trust: 1.7

url:http://support.apple.com/kb/ht3937

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010//mar/msg00002.html

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6707

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2837

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2837

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.6

url:http://www.apple.com/quicktime/download/

Trust: 0.1

url:http://www.vupen.com/english/advisories/2010/0746

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2837

Trust: 0.1

url:http://www.vupen.com/english/research.php

Trust: 0.1

url:http://support.apple.com/kb/ht4104

Trust: 0.1

url:http://www.vupen.com/exploits

Trust: 0.1

url:http://www.vupen.com/english/services

Trust: 0.1

sources: VULHUB: VHN-40283 // BID: 36956 // BID: 36985 // JVNDB: JVNDB-2009-002340 // PACKETSTORM: 87926 // CNNVD: CNNVD-200911-112 // NVD: CVE-2009-2837

CREDITS

Brian Mastenbrook, Regis Duchesne, Nicolas Joly

Trust: 0.6

sources: CNNVD: CNNVD-200911-112

SOURCES

db: VULHUB, id: VHN-40283
db: BID, id: 36956
db: BID, id: 36985
db: JVNDB, id: JVNDB-2009-002340
db: PACKETSTORM, id: 87926
db: CNNVD, id: CNNVD-200911-112
db: NVD, id: CVE-2009-2837

LAST UPDATE DATE

2025-04-10T22:31:47.694000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-40283, date: 2017-09-19T00:00:00
db: BID, id: 36956, date: 2009-11-11T20:56:00
db: BID, id: 36985, date: 2010-04-01T18:42:00
db: JVNDB, id: JVNDB-2009-002340, date: 2010-04-27T00:00:00
db: CNNVD, id: CNNVD-200911-112, date: 2009-11-10T00:00:00
db: NVD, id: CVE-2009-2837, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-40283, date: 2009-11-10T00:00:00
db: BID, id: 36956, date: 2009-11-09T00:00:00
db: BID, id: 36985, date: 2009-11-09T00:00:00
db: JVNDB, id: JVNDB-2009-002340, date: 2009-12-18T00:00:00
db: PACKETSTORM, id: 87926, date: 2010-04-01T20:02:48
db: CNNVD, id: CNNVD-200911-112, date: 2009-11-10T00:00:00
db: NVD, id: CVE-2009-2837, date: 2009-11-10T19:30:01.593