CASEScontact.org advisory - Apple QuickTime Player has buffer and remote integer overflow vulnerability

Just the facts

Title

Description

Highly CRITICAL vulnerability:

Vulnerability could be exploited by remote attackers to take complete control of an affected system

The impact of this vulnerability could cause:

CyTRAP Labs ID

CT110063

Last update

2006-09-13

Original release date

2006-09-12

Source

CyTRAP Labs

Systems affected

Highly critical vulnerability that affects:

QuickTime 7.1 used with the following operating systems, namely:
>Windows 2000 and XP
>Mac OS X v10.3.9 and later

Please be aware, QuickTime does not check for updates automatically, you have to trigger the process yourself.

Version number

1.1

ISSN

1603-9858

Verify threat

http://casescontact.org/tips/110063

Risk assessment

High

Impact/Severity

High

Update

2006-09-13 - go to How do I fix it section below for more help

Why not get new tips and alerts by e-mail directly to your in-box? It's much more convenient:

What is the problem?

Admin

Why not help us do a better job for you?

If you have additional information or corrections for this advisory please submit them via our contact form or by email to:

> updates at CASEScontact.org

How does it affect me?

Should I Worry?

Yes ==> If your PC runs on the Windows Operating System or on the MAC OS and you use Apple QuickTime Player (one of the Apple QuickTime components), please be careful

A) The Threat may result in an attacker to take control of the vulnerable system.

B) Vulnerability is as follows:

a remote integer overflow error. However, to trigger the exploit the user has to be tricked into opening a specially crafted video file (MOV file)

C) Impact . Successful exploitation could cause:

the execution of arbitrary code

Systems affected

Vulnerability has been confirmed with:

QuickTime 7.1 (Windows version), with the latest add-ons

Not affected systems

all others

Minimize your exposure to this threat - follow the steps outlined below

Much Gain - Little Pain - Do this

Be careful when receiving a MOV file from un-trusted sources or that you receive unexpectedly from trusted sources.

This vulnerability could be exploited when QuickTime opens such a file.

How do I fix it

2006-09-13 Vendor response Vendor released QuickTime 7.1.3 that may be obtained from the Software Update pane in System Preferences, or else you can use the Download tab on the QuickTime site.
Apple-Vendor response CyTRAP Labs is currently unaware of any effective workarounds for the remote exploitation of a heap-based buffer overflow vulnerability in Apple Computer's QuickTime Player

2006-09-12 None available at this time
You can check on the vendor response or an upcoming update by visiting Apple-Vendor response

Please keep in mind Apple's policy that indicates that Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.

Additional risk minimization

Remember, just do not open files from people you neither know or do not expect to get a file, regardless what program or file extension the attachment might have.

If you need more information, please read on. Otherwise follow the steps outlined above.

Source

Piotr Bania

Source URL

http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt

Source date

2006-09-12

More information

2006-09-12 Piotr Bania released information on Web and on various security lists

CVE

CVE-2006-4381, CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386, CVE-2006-4388, CVE-2006-4389

CyTRAP labs ID

CT110063

CYTRAP resources - check it out - because it will help you better protect yourself

Related tips

Alerts

CT110045: CASEScontact.org advisory - iTunes - Advanced Audio Coding (AAC) - an integer overflow vulnerability

Glossary

Please either sign in by clicking on 'Login as a guest' to get the definition, no registration required or else get a free registration to get access, it's worth it.

DEUTSCH

Del.icio.us

Was this alert helpful to you? If yes, why not bookmark it at Del.icio.us

Technorati tags

Technorati tags: AntiVirus, Apple, CASEScontact.org, computers and Internet, CyTRAP labs, CyTRAP labs RiskIT, CyTRAP labs StratMedia, Datenschutz,Deutsch hacking, information-security, Internet, Internetrecht, intrusion detection, law, legal, Linux, malware, Microsoft, privacy, rootkit, Sicherheit, security, security advisory, security alert, software, spyware, tech, iTunes, QuickTime, Windows, zero-day

Administrative

Author

Urs E. Gattiker - CyTRAP Labs

Revisions

1.0 - 2006-09-12 - First Version

1.1 - 2006-09-13 - Second Version, more info added

Contact details

Web: http://CASEScontact.org
E-mail: support01 at CASEScontact.org

Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036
Fax: +44(0)70-9237-6036, dial 3 send fax

--END of ADVISORY - Important Info Below--

We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

NO WARRANTY Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.

Ride the rollercoaster successfully by subscribing to our alerts, tips, tools and skills training receiving them either via: 1) e-mail 2) RSS feeds, or else, just get a 3) free skills tune-up

NO WARRANTY Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.

CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. Full DISCLAIMER notice at: http://www.casescontact.org/terms.php

UNSUBSCRIBE If you no longer wish to receive this THREAT ALERT, please Unsubscribe at: http://www.casescontact.org/unsubscribe.php QUESTIONS, comments, ideas? Cheer us up at:Alerts-Comments at CASEScontact.org CASEScontact.org -- Threat Alerts and Security Notices --clear and precise, no compromise - --currently hosted by Flashcable

-- END of THREAT ALERT -- Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved.

CYTRAP resources - check it out - because it will help you better protect yourself

Related tips		CT210009: Windows XP 101 - PART 2 - Paris Hilton Knows CyTRAP's THREE Rules for Better Securing her PC with Windows Update 2005-10-24 CT210007: UPDATE 1 - Windows XP 101 - PART 1 - Grandma's Tricks - Regular Service & Tune Up ==> Turbo Charge XP 2005-08-30 CT210005: New PC or Hard Drive - Partitioning - Improve Performance and Security in Windows XP 2005-03-15
Alerts		CT110045: CASEScontact.org advisory - iTunes - Advanced Audio Coding (AAC) - an integer overflow vulnerability
Glossary		Please either sign in by clicking on 'Login as a guest' to get the definition, no registration required or else get a free registration to get access, it's worth it. What is a buffer overflow? What is a patch?, and vulnerability. DEUTSCH Was ist eine Zero-Day Vulnerabilitaet oder Verletzbarkeit? Patch Vulnerabilität
Del.icio.us		Was this alert helpful to you? If yes, why not bookmark it at Del.icio.us

Technorati tags		Technorati tags: AntiVirus, Apple, CASEScontact.org, computers and Internet, CyTRAP labs, CyTRAP labs RiskIT, CyTRAP labs StratMedia, Datenschutz,Deutsch hacking, information-security, Internet, Internetrecht, intrusion detection, law, legal, Linux, malware, Microsoft, privacy, rootkit, Sicherheit, security, security advisory, security alert, software, spyware, tech, iTunes, QuickTime, Windows, zero-day