ID

VAR-201202-0143

CVE

CVE-2011-3460

TITLE

Apple Mac OS X of QuickTime Vulnerable to buffer overflow

DESCRIPTION

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. During the decoding process, the application will write outside the surface's boundaries. This can be leveraged to allow for one to earn code execution under the context of the application. Apple Mac OS X is prone to a buffer-overflow vulnerability. Failed exploit attempts will likely result in a denial-of-service condition. The following versions are affected: Mac OS X 10.6.8 Mac OS X Server 10.6.8 Mac OS X 10.7 to 10.7.2 Mac OS X Server 10.7 to 10.7.2 NOTE: This issue was previously discussed in BID 51798 (Apple Mac OS X Prior to 10.7.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. - -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT5130 - -- Disclosure Timeline: 2011-10-21 - Vulnerability reported to vendor 2012-04-09 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Luigi Auriemma - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJPgvVYAAoJEFVtgMGTo1scgOYIAKGk8Mau4AEfKu7g4tm9xC27 5p2IR73/S+fF+B0KKI28Kbb0hcdYJO3PmDx4JpTgPL7NvuWlA6gwwMu0XVGLSdQ8 U8JLNIekbw1NO4OCPeWn6+BlMDgAeef5bAXJ3Z0Dbgrr5CasaQCLkqxthW6hT5Eo gkZooI/tZXgeaNCsvKZyPLuPHviqn7ijrsbMoeJwqPcC73G4fe0WGSpaDCFyBI/Q XWEybCQjztHDUqpz2P3sCFvqPMjJRKzmET0pXPxjN7m/IhhigEQUuMJNHD/ebrnz OVTgycHGBUfD+YrAio6h/DGyBkIWAqZapi8qc+KIBg+Ikc9PiB8YlGI3o/Z/HVA= =Y0Ke -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-15-1 QuickTime 7.7.2 QuickTime 7.7.2 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple stack overflows existed in QuickTime's handling of TeXML files. CVE-ID CVE-2012-0663 : Alexander Gavrun working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap overflow existed in QuickTime's handling of text tracks. CVE-ID CVE-2012-0664 : Alexander Gavrun working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of H.264 encoded movie files. CVE-ID CVE-2012-0665 : Luigi Auriemma working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of audio sample tables. CVE-ID CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of MPEG files. CVE-ID CVE-2012-0659 : An anonymous researcher working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the QuickTime plugin's handling of QTMovie objects. CVE-ID CVE-2011-3460 : Luigi Auriemma working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of QTVR movie files. CVE-ID CVE-2012-0667 : Alin Rad Pop working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of JPEG2000 encoded movie files. CVE-ID CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of Sorenson encoded movie files. CVE-ID CVE-2012-0669 : Damian Put working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a file in a maliciously crafted path may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in QuickTime's handling of file paths. CVE-ID CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security Center via Secunia SVCRP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution Description: An integer underflow existed in QuickTime's handling of audio streams in MPEG files. CVE-ID CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime 7.7.2 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: ed569d62b3f8c24ac8e9aec7275f17cbb14d2124 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJPsobhAAoJEPefwLHPlZEwk/sP/0C8iXVhnG481GbA03CMhKXJ XDooIlCG6YeoeJxGfri/vqlzqcHe3R90K6R89z1dKGU2bWGvtITh95E+WKll++7F hHYq6YC+r/o1cP1SjBi6A3swhN57m1nQZRIEnnIm+nBSxaiHA6xdRSUaK4ighLSA jbOVfu/6NPuGSlgWBPKSISDY2FhL0GH0QVLW/piVtMTrxhizlE7dgieipAPoVvRC SW2W0te7ujo2X167f2GS8EwplUkj/yVeScdr/6HjLkAXIQ1B9RNqTeOdyQZjTxay 32xhZTQ+JfSQzY6VSGoF0bqlK39u5UyzySIKS446OxclYI6xGKSFvTN3nBUwERd+ W+E/4k3Ry4OYEkgZ5yltXO8bJvGZtmpLOkq94Vb4w7EaEgJ452J/YjqCEEbmtAKM 0W9g1jt5av5Hv+vQ7rufR1tJ6CqkIDDr0f3qY+W/F8ZtdA8Bkvm9568d3L1Vlbai zy89w39Z1RTPMLccZEhtd+80f75P+R3n88X5czjXYignrUJbxhM/S8meqQB5GUB9 nJvZtWB1wlACHJ/EKUTv6miK20XE1OukRyvW0o7WWplqBj5KFWvRcV0tovfybGY9 EKwmao4Hwmq+ovJBFLZj/TV6MMxsJjS9qVea/yOlzZCy+6dwok38yyMAqy+m2dLT X2aq0dgzK7qjPx0FRyOx =BPXs -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Luigi Auriemma

SOURCES

LAST UPDATE DATE

2025-04-11T20:09:41.474000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE