ID

VAR-201011-0167

CVE

CVE-2010-3794

TITLE

Apple Mac OS X of QuickTime Vulnerable to arbitrary code execution

DESCRIPTION

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the application's support for huffman tables within a flashpix file. By specifying an index larger than a particular value, a pointer will cease to get initialized. Later the application will use this pointer to as the destination in a copy operation. Successful exploitation will lead to code execution under the context of the application. Apple QuickTime is prone to a remote code-execution vulnerability due to a uninitialized memory condition. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. This issue affects Apple Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple QuickTime is a very popular multimedia player. ZDI-10-251: Apple QuickTime FlashPix Max Uninitialized Jpeg Table Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-251 November 10, 2010 -- CVE ID: CVE-2010-3794 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10620. -- Vendor Response: Apple states: Fixed in Mac OS X 10.6.5: http://support.apple.com/kb/HT4435 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-11-10 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Anonymous researcher working with TippingPoint's Zero Day Initiative

SOURCES

LAST UPDATE DATE

2025-04-11T20:25:42.586000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE