ID

VAR-201402-0415


CVE

CVE-2014-1244


TITLE

Apple QuickTime Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2014-001472

DESCRIPTION

Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of the stsz atom. By creating a deliberately malformed stsz atom, an attacker is able to cause a heap overflow within the QuickTime parser. Using this vulnerability, an attacker can execute arbitrary code in the context of the user. Versions prior to QuickTime 7.7.5 are vulnerable on Windows 7, Vista, and XP SP2.

Apple QuickTime is multimedia playback software developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more.

APPLE-SA-2014-02-25-3 QuickTime 7.7.5

QuickTime 7.7.5 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized pointer issue existed in the handling of track lists. This issue was addressed through improved error checking. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1244 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the handling of QuickTime image descriptions. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1032 : Jason Kratzer working with iDefense VCP

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1248 : Jason Kratzer working with iDefense VCP

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1249 : dragonltx of Tencent Security Team

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1251 : Aliz Hammond working with HP's Zero Day Initiative

QuickTime 7.7.5 may be obtained from the QuickTime Downloads site: http://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.7

sources: NVD: CVE-2014-1244 // JVNDB: JVNDB-2014-001472 // ZDI: ZDI-14-045 // BID: 65786 // VULHUB: VHN-69183 // PACKETSTORM: 125429

AFFECTED PRODUCTS

vendor: apple | model: quicktime | scope: eq | version: 7.1.1

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.3.1

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.2.1

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.2.0

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.1.2

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.1.6

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.1.4

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.1.5

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.1.3

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.3.0

Trust: 1.6

vendor: apple | model: quicktime | scope: eq | version: 7.0.3

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.7.3

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.0.4

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.8

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.6

Trust: 1.0

vendor: apple | model: quicktime | scope: lte | version: 7.7.4

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.7.2

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.4.5

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.71.80.42

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.1

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.68.75.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.69.80.9

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.7.1

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.0.2

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.5

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.64.17.73

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.60.92.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.3.1.70

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.5.5

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.7

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.66.71.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.9

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.5.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.6.2

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.0.1

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.67.75.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.4.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.1.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.4.1

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.62.14.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.0.0

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.70.80.34

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.65.17.80

Trust: 1.0

vendor: apple | model: quicktime | scope: eq | version: 7.7.0

Trust: 1.0

vendor: apple | model: quicktime | scope: lt | version: 7.7.5 (windows 7)

Trust: 0.8

vendor: apple | model: quicktime | scope: lt | version: 7.7.5 (windows vista)

Trust: 0.8

vendor: apple | model: quicktime | scope: lt | version: 7.7.5 (windows xp sp2 or later)

Trust: 0.8

vendor: apple | model: quicktime 7.3 | scope: - | version: -

Trust: 0.7

sources: ZDI: ZDI-14-045 // JVNDB: JVNDB-2014-001472 // CNNVD: CNNVD-201402-437 // NVD: CVE-2014-1244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1244
value: HIGH

Trust: 1.0

NVD: CVE-2014-1244
value: HIGH

Trust: 0.8

ZDI: CVE-2014-1244
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201402-437
value: CRITICAL

Trust: 0.6

VULHUB: VHN-69183
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-1244
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2014-1244
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-69183
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-14-045 // VULHUB: VHN-69183 // JVNDB: JVNDB-2014-001472 // CNNVD: CNNVD-201402-437 // NVD: CVE-2014-1244

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-69183 // JVNDB: JVNDB-2014-001472 // NVD: CVE-2014-1244

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-437

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201402-437

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001472

PATCH

title: APPLE-SA-2014-02-25-3 | url: http://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html

Trust: 0.8

title: HT6151 | url: http://support.apple.com/kb/HT6151

Trust: 0.8

title: HT6151 | url: http://support.apple.com/kb/HT6151?viewlocale=ja_JP

Trust: 0.8

title: Apple has issued an update to correct this vulnerability. | url: http://support.apple.com/kb/HT1222

Trust: 0.7

sources: ZDI: ZDI-14-045 // JVNDB: JVNDB-2014-001472

EXTERNAL IDS

db: NVD | id: CVE-2014-1244

Trust: 3.6

db: BID | id: 65786

Trust: 1.4

db: JVN | id: JVNVU95788297

Trust: 0.8

db: JVNDB | id: JVNDB-2014-001472

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-1860

Trust: 0.7

db: ZDI | id: ZDI-14-045

Trust: 0.7

db: CNNVD | id: CNNVD-201402-437

Trust: 0.7

db: SECUNIA | id: 57148

Trust: 0.6

db: VULHUB | id: VHN-69183

Trust: 0.1

db: PACKETSTORM | id: 125429

Trust: 0.1

sources: ZDI: ZDI-14-045 // VULHUB: VHN-69183 // BID: 65786 // JVNDB: JVNDB-2014-001472 // PACKETSTORM: 125429 // CNNVD: CNNVD-201402-437 // NVD: CVE-2014-1244

REFERENCES

url:http://support.apple.com/kb/ht6151

Trust: 1.7

url:http://www.securityfocus.com/bid/65786

Trust: 1.1

url:http://support.apple.com/kb/ht1222

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1244

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95788297/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1244

Trust: 0.8

url:http://secunia.com/advisories/57148

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1245

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1246

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1247

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1249

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1248

Trust: 0.1

url:http://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1244

Trust: 0.1

sources: ZDI: ZDI-14-045 // VULHUB: VHN-69183 // BID: 65786 // JVNDB: JVNDB-2014-001472 // PACKETSTORM: 125429 // CNNVD: CNNVD-201402-437 // NVD: CVE-2014-1244

CREDITS

Tom Gallagher & Paul Bates

Trust: 0.7

sources: ZDI: ZDI-14-045

SOURCES

db: ZDI | id: ZDI-14-045
db: VULHUB | id: VHN-69183
db: BID | id: 65786
db: JVNDB | id: JVNDB-2014-001472
db: PACKETSTORM | id: 125429
db: CNNVD | id: CNNVD-201402-437
db: NVD | id: CVE-2014-1244

LAST UPDATE DATE

2025-04-13T20:57:16.181000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-14-045 | date: 2014-04-03T00:00:00
db: VULHUB | id: VHN-69183 | date: 2015-10-21T00:00:00
db: BID | id: 65786 | date: 2014-02-25T00:00:00
db: JVNDB | id: JVNDB-2014-001472 | date: 2014-02-28T00:00:00
db: CNNVD | id: CNNVD-201402-437 | date: 2014-06-17T00:00:00
db: NVD | id: CVE-2014-1244 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI | id: ZDI-14-045 | date: 2014-04-03T00:00:00
db: VULHUB | id: VHN-69183 | date: 2014-02-27T00:00:00
db: BID | id: 65786 | date: 2014-02-25T00:00:00
db: JVNDB | id: JVNDB-2014-001472 | date: 2014-02-28T00:00:00
db: PACKETSTORM | id: 125429 | date: 2014-02-26T22:26:17
db: CNNVD | id: CNNVD-201402-437 | date: 2014-02-28T00:00:00
db: NVD | id: CVE-2014-1244 | date: 2014-02-27T01:55:03.647