ID

VAR-201402-0391


CVE

CVE-2014-1251


TITLE

Buffer overflow vulnerability in Apple QuickTime

Trust: 0.8

sources: JVNDB: JVNDB-2014-001479

DESCRIPTION

Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of the clef atom. An attacker can use this flaw to overflow an improperly allocated buffer, which could allow for the execution of arbitrary code in the context of the current process. Versions prior to QuickTime 7.7.5 are vulnerable on Windows 7, Vista, and XP SP2.

Apple QuickTime is multimedia playback software developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more.

APPLE-SA-2014-02-25-3 QuickTime 7.7.5

QuickTime 7.7.5 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized pointer issue existed in the handling of track lists. This issue was addressed through improved error checking.
CVE-ID
CVE-2014-1243 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1244 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the handling of QuickTime image descriptions. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1032 : Jason Kratzer working with iDefense VCP

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1248 : Jason Kratzer working with iDefense VCP

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1249 : dragonltx of Tencent Security Team

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking.

This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1251 : Aliz Hammond working with HP's Zero Day Initiative

QuickTime 7.7.5 may be obtained from the QuickTime Downloads site: http://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.79

sources: NVD: CVE-2014-1251 // JVNDB: JVNDB-2014-001479 // ZDI: ZDI-14-049 // BID: 65787 // VULHUB: VHN-69190 // VULMON: CVE-2014-1251 // PACKETSTORM: 125429

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: eq, version: 7.67.75.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.7.3

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.69.80.9

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.71.80.42

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.68.75.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.70.80.34

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.66.71.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.7.2

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.7.1

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.7.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.0.3

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.4

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.8

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.6

Trust: 1.0

vendor: apple, model: quicktime, scope: lte, version: 7.7.4

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.4.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.2.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.3.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.3

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.64.17.73

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.60.92.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.3.1.70

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.3.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.4

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.5.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.7

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.6

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.9

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.5.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.4.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.4.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.2.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.62.14.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.65.17.80

Trust: 1.0

vendor: apple, model: quicktime, scope: lt, version: 7.7.5 (windows 7)

Trust: 0.8

vendor: apple, model: quicktime, scope: lt, version: 7.7.5 (windows vista)

Trust: 0.8

vendor: apple, model: quicktime, scope: lt, version: 7.7.5 (windows xp sp2 or later)

Trust: 0.8

vendor: apple, model: quicktime, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-14-049 // JVNDB: JVNDB-2014-001479 // CNNVD: CNNVD-201402-444 // NVD: CVE-2014-1251

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-1251
value: HIGH

Trust: 1.0

NVD: CVE-2014-1251
value: HIGH

Trust: 0.8

ZDI: CVE-2014-1251
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201402-444
value: CRITICAL

Trust: 0.6

VULHUB: VHN-69190
value: HIGH

Trust: 0.1

VULMON: CVE-2014-1251
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2014-1251
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2014-1251
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-69190
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-14-049 // VULHUB: VHN-69190 // VULMON: CVE-2014-1251 // JVNDB: JVNDB-2014-001479 // CNNVD: CNNVD-201402-444 // NVD: CVE-2014-1251

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-69190 // JVNDB: JVNDB-2014-001479 // NVD: CVE-2014-1251

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-444

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201402-444

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001479

PATCH

title: APPLE-SA-2014-02-25-3, url: http://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html

Trust: 0.8

title: HT6151, url: http://support.apple.com/kb/HT6151

Trust: 0.8

title: HT6151, url: http://support.apple.com/kb/HT6151?viewlocale=ja_JP

Trust: 0.8

title: Apple has issued an update to correct this vulnerability., url: http://support.apple.com/kb/HT1222

Trust: 0.7

sources: ZDI: ZDI-14-049 // JVNDB: JVNDB-2014-001479

EXTERNAL IDS

db: NVD, id: CVE-2014-1251

Trust: 3.7

db: BID, id: 65787

Trust: 1.5

db: JVN, id: JVNVU95788297

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001479

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-1945

Trust: 0.7

db: ZDI, id: ZDI-14-049

Trust: 0.7

db: CNNVD, id: CNNVD-201402-444

Trust: 0.7

db: SECUNIA, id: 57148

Trust: 0.6

db: SEEBUG, id: SSVID-61607

Trust: 0.1

db: VULHUB, id: VHN-69190

Trust: 0.1

db: VULMON, id: CVE-2014-1251

Trust: 0.1

db: PACKETSTORM, id: 125429

Trust: 0.1

sources: ZDI: ZDI-14-049 // VULHUB: VHN-69190 // VULMON: CVE-2014-1251 // BID: 65787 // JVNDB: JVNDB-2014-001479 // PACKETSTORM: 125429 // CNNVD: CNNVD-201402-444 // NVD: CVE-2014-1251

REFERENCES

url:http://support.apple.com/kb/ht6151

Trust: 1.8

url:http://www.securityfocus.com/bid/65787

Trust: 1.2

url:http://support.apple.com/kb/ht1222

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1251

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95788297/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1251

Trust: 0.8

url:http://secunia.com/advisories/57148

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1245

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1246

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1247

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1249

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1248

Trust: 0.1

url:http://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1244

Trust: 0.1

sources: ZDI: ZDI-14-049 // VULHUB: VHN-69190 // VULMON: CVE-2014-1251 // BID: 65787 // JVNDB: JVNDB-2014-001479 // PACKETSTORM: 125429 // CNNVD: CNNVD-201402-444 // NVD: CVE-2014-1251

CREDITS

Aliz Hammond

Trust: 0.7

sources: ZDI: ZDI-14-049

SOURCES

db: ZDI, id: ZDI-14-049
db: VULHUB, id: VHN-69190
db: VULMON, id: CVE-2014-1251
db: BID, id: 65787
db: JVNDB, id: JVNDB-2014-001479
db: PACKETSTORM, id: 125429
db: CNNVD, id: CNNVD-201402-444
db: NVD, id: CVE-2014-1251

LAST UPDATE DATE

2025-04-13T22:53:55.091000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-14-049, date: 2014-04-03T00:00:00
db: VULHUB, id: VHN-69190, date: 2015-10-21T00:00:00
db: VULMON, id: CVE-2014-1251, date: 2015-10-21T00:00:00
db: BID, id: 65787, date: 2014-04-08T15:49:00
db: JVNDB, id: JVNDB-2014-001479, date: 2014-02-28T00:00:00
db: CNNVD, id: CNNVD-201402-444, date: 2014-06-17T00:00:00
db: NVD, id: CVE-2014-1251, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI, id: ZDI-14-049, date: 2014-04-03T00:00:00
db: VULHUB, id: VHN-69190, date: 2014-02-27T00:00:00
db: VULMON, id: CVE-2014-1251, date: 2014-02-27T00:00:00
db: BID, id: 65787, date: 2014-02-25T00:00:00
db: JVNDB, id: JVNDB-2014-001479, date: 2014-02-28T00:00:00
db: PACKETSTORM, id: 125429, date: 2014-02-26T22:26:17
db: CNNVD, id: CNNVD-201402-444, date: 2014-02-28T00:00:00
db: NVD, id: CVE-2014-1251, date: 2014-02-27T01:55:03.807