Details of VAR-201402-0414

ID

VAR-201402-0414

CVE

CVE-2014-1243

TITLE

Apple QuickTime Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-001471

DESCRIPTION

Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the nam atom in an mp4 file. Manipulation of this atom can corrupt memory and a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process. Versions prior to QuickTime 7.7.5 are vulnerable on Windows 7, Vista, and XP SP2. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. Apple QuickTime 7.7.4 and earlier had an uninitialized pointer problem when handling track lists. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-25-3 QuickTime 7.7.5 QuickTime 7.7.5 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized pointer issue existed in the handling of track lists. This issue was addressed through improved error checking. CVE-ID CVE-2014-1243 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1244 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of QuickTime image descriptions. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1032 : Jason Kratzer working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1248 : Jason Kratzer working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1249 : dragonltx of Tencent Security Team QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1250 : Jason Kratzer working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'clef' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1251 : Aliz Hammond working with HP's Zero Day Initiative QuickTime 7.7.5 may be obtained from the QuickTime Downloads site: http://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTDNezAAoJEPefwLHPlZEwA28P/24CQNEYClDxGO81zpafYO0R zNWNZiyxkcMWYGuDXvcN5HLiLiDwOkJqUMMkOxzCtsTKw69xopzlebzyZ4CS4YiZ J4xQzzGjD3dOtseQLTHp1CRNXUl/sIgR1ztS+qCkmh5/QJlSEQlg/as9KlJ0RM2Q yzUfMjy92KZjmGRsEimFbI2xq9lMR1nwMC0pJvB4T670rK3SHEUs1lfpv2HNOAR7 54s7OL8TU+L/xAo2HfS6+2LScKIrye7vsOMH0KuB3BiQ16HBYRQdL+tWV3HAF/Cl fk5EZQplKBcB3ljR6fvM3xv0xBtxo1AzYCuoJWu2Hr7kB/EsnBWKn/Tok6+6m0Fv 7KlV1x6o23omqtFgXuI+wUm6Vp5q0kvnZghVIcZ+gWMa5utakYazCJ2v+HX8C0Jf exyk+l44APSEQ+n31HVEqcD8AfOj7HuRN/lP+N8KOPDMIMKEpvhvmB+x9+9b54y4 c5S/zX2q3KQUra5/zGSmgMHeMAoMkvz+4bVZnINTzVx/gcROWhzPjv+R/pD/ofLR 8rAQJvt9JOcrrfGnsk94ghimc6ZntpfMwkTLp82iRQcQuu5L5YR3lsAnZne1OExf 8e9FVCbmdvoWsACPsvWvAhf0qoAX3B70lSybPXL8rYG+curfL0NlJb9ib6bho0wC kgqQGWbrFmVneRK/E72N =Kg2H -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2014-1243 // JVNDB: JVNDB-2014-001471 // ZDI: ZDI-14-044 // BID: 65784 // VULHUB: VHN-69182 // PACKETSTORM: 125429

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	eq	version:	7.67.75.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.7.3	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.69.80.9	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.71.80.42	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.68.75.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.70.80.34	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.66.71.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.7.2	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.7.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.7.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.8	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.6	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lte	version:	7.7.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.5	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.5	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.5	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.64.17.73	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.60.92.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.1.70	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.5.5	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.7	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.6	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.9	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.62.14.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.65.17.80	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lt	version:	7.7.5 (windows 7)	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	lt	version:	7.7.5 (windows vista)	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	lt	version:	7.7.5 (windows xp sp2 or later )	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-14-044 // JVNDB: JVNDB-2014-001471 // CNNVD: CNNVD-201402-436 // NVD: CVE-2014-1243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1243
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-1243
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-1243
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201402-436
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-69182
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-1243
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2014-1243
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-69182
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-14-044 // VULHUB: VHN-69182 // JVNDB: JVNDB-2014-001471 // CNNVD: CNNVD-201402-436 // NVD: CVE-2014-1243

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-69182 // JVNDB: JVNDB-2014-001471 // NVD: CVE-2014-1243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-436

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201402-436

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001471

PATCH

title:	APPLE-SA-2014-02-25-3	url:	http://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html	Trust: 0.8
title:	HT6151	url:	http://support.apple.com/kb/HT6151	Trust: 0.8
title:	HT6151	url:	http://support.apple.com/kb/HT6151?viewlocale=ja_JP	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	http://support.apple.com/kb/HT1222	Trust: 0.7

sources: ZDI: ZDI-14-044 // JVNDB: JVNDB-2014-001471

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1243	Trust: 3.6
db:	JVN	id:	JVNVU95788297	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001471	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1737	Trust: 0.7
db:	ZDI	id:	ZDI-14-044	Trust: 0.7
db:	CNNVD	id:	CNNVD-201402-436	Trust: 0.7
db:	SECUNIA	id:	57148	Trust: 0.6
db:	BID	id:	65784	Trust: 0.4
db:	SEEBUG	id:	SSVID-61608	Trust: 0.1
db:	VULHUB	id:	VHN-69182	Trust: 0.1
db:	PACKETSTORM	id:	125429	Trust: 0.1

sources: ZDI: ZDI-14-044 // VULHUB: VHN-69182 // BID: 65784 // JVNDB: JVNDB-2014-001471 // PACKETSTORM: 125429 // CNNVD: CNNVD-201402-436 // NVD: CVE-2014-1243

REFERENCES

url:	http://support.apple.com/kb/ht6151	Trust: 1.7
url:	http://support.apple.com/kb/ht1222	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1243	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95788297/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1243	Trust: 0.8
url:	http://secunia.com/advisories/57148	Trust: 0.6
url:	http://www.apple.com/quicktime/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1250	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1245	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1246	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1247	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1251	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1243	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1249	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1248	Trust: 0.1
url:	http://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1244	Trust: 0.1

sources: ZDI: ZDI-14-044 // VULHUB: VHN-69182 // BID: 65784 // JVNDB: JVNDB-2014-001471 // PACKETSTORM: 125429 // CNNVD: CNNVD-201402-436 // NVD: CVE-2014-1243

CREDITS

Tom Gallagher (Microsoft) & Paul Bates (Microsoft)

Trust: 0.7

sources: ZDI: ZDI-14-044

SOURCES

db:	ZDI	id:	ZDI-14-044
db:	VULHUB	id:	VHN-69182
db:	BID	id:	65784
db:	JVNDB	id:	JVNDB-2014-001471
db:	PACKETSTORM	id:	125429
db:	CNNVD	id:	CNNVD-201402-436
db:	NVD	id:	CVE-2014-1243

LAST UPDATE DATE

2025-04-13T22:08:09.282000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-044	date:	2014-04-03T00:00:00
db:	VULHUB	id:	VHN-69182	date:	2014-02-27T00:00:00
db:	BID	id:	65784	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001471	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-436	date:	2014-06-17T00:00:00
db:	NVD	id:	CVE-2014-1243	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-14-044	date:	2014-04-03T00:00:00
db:	VULHUB	id:	VHN-69182	date:	2014-02-27T00:00:00
db:	BID	id:	65784	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001471	date:	2014-02-28T00:00:00
db:	PACKETSTORM	id:	125429	date:	2014-02-26T22:26:17
db:	CNNVD	id:	CNNVD-201402-436	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-1243	date:	2014-02-27T01:55:03.617