Details of VAR-200505-0875

ID

VAR-200505-0875

CVE

CVE-2005-1579

TITLE

Apple QuickTime Quartz Composer File information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-1006

DESCRIPTION

Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Quartz Composer Disclosure of System Information SECUNIA ADVISORY ID: SA15307 VERIFY ADVISORY: http://secunia.com/advisories/15307/ CRITICAL: Not critical IMPACT: Exposure of system information WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: David Remahl has reported a weakness in Apple QuickTime, which can be exploited by malicious people to disclose some system information. The problem is that Quartz Composer compositions embedded in ".mov" files can access certain system information, which can be disclosed to web sites via JavaScript. This can e.g. be exploited to disclose the local username and directory information by tricking a user into visiting a malicious web site. SOLUTION: Disable the QuickTime browser plugin and do not open ".mov" and Quartz Composer files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: David Remahl ORIGINAL ADVISORY: http://remahl.se/david/vuln/018/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.08

sources: NVD: CVE-2005-1579 // VULHUB: VHN-12788 // PACKETSTORM: 37628

AFFECTED PRODUCTS

vendor:

apple

model:

quicktime

scope:

version:

7.0

Trust: 1.6

sources: CNNVD: CNNVD-200505-1006 // NVD: CVE-2005-1579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1579
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200505-1006
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-12788
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-1579
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12788
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12788 // CNNVD: CNNVD-200505-1006 // NVD: CVE-2005-1579

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1579

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-1006

TYPE

design error

Trust: 0.6

sources: CNNVD: CNNVD-200505-1006

EXTERNAL IDS

db:	SECUNIA	id:	15307	Trust: 1.8
db:	OSVDB	id:	16376	Trust: 1.7
db:	BID	id:	13603	Trust: 1.7
db:	NVD	id:	CVE-2005-1579	Trust: 1.7
db:	SECTRACK	id:	1013961	Trust: 1.7
db:	VUPEN	id:	ADV-2005-0531	Trust: 1.7
db:	CNNVD	id:	CNNVD-200505-1006	Trust: 0.7
db:	MLIST	id:	[QUARTZCOMPOSER-DEV] 20050511 RE: QUARTZ QUICKTIME EMBEDDED IN REMOTE WEBPAGES...	Trust: 0.6
db:	MLIST	id:	[QUARTZCOMPOSER-DEV] 20050510 QUARTZ QUICKTIME EMBEDDED IN REMOTE WEBPAGES...	Trust: 0.6
db:	FULLDISC	id:	20050511 [DR018] QUARTZ COMPOSER / QUICKTIME 7 INFORMATION LEAKAGE	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-05-31	Trust: 0.6
db:	MISC	id:	HTTP://REMAHL.SE/DAVID/VULN/018	Trust: 0.6
db:	VULHUB	id:	VHN-12788	Trust: 0.1
db:	PACKETSTORM	id:	37628	Trust: 0.1

sources: VULHUB: VHN-12788 // PACKETSTORM: 37628 // CNNVD: CNNVD-200505-1006 // NVD: CVE-2005-1579

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2005/may/msg00006.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/13603	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=301714	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0265.html	Trust: 1.7
url:	http://remahl.se/david/vuln/018	Trust: 1.7
url:	http://lists.apple.com/archives/quartzcomposer-dev/2005/may/msg00250.html	Trust: 1.7
url:	http://lists.apple.com/archives/quartzcomposer-dev/2005/may/msg00263.html	Trust: 1.7
url:	http://www.osvdb.org/16376	Trust: 1.7
url:	http://securitytracker.com/id?1013961	Trust: 1.7
url:	http://secunia.com/advisories/15307	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2005/0531	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2005/0531	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5090/	Trust: 0.1
url:	http://remahl.se/david/vuln/018/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/15307/	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-12788 // PACKETSTORM: 37628 // CNNVD: CNNVD-200505-1006 // NVD: CVE-2005-1579

CREDITS

Discovery is credited to David Remahl <vuln@remahl.se>.

Trust: 0.6

sources: CNNVD: CNNVD-200505-1006

SOURCES

db:	VULHUB	id:	VHN-12788
db:	PACKETSTORM	id:	37628
db:	CNNVD	id:	CNNVD-200505-1006
db:	NVD	id:	CVE-2005-1579

LAST UPDATE DATE

2024-08-14T14:00:36.829000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12788	date:	2011-03-08T00:00:00
db:	CNNVD	id:	CNNVD-200505-1006	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1579	date:	2011-03-08T02:22:13.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12788	date:	2005-05-12T00:00:00
db:	PACKETSTORM	id:	37628	date:	2005-05-29T20:22:44
db:	CNNVD	id:	CNNVD-200505-1006	date:	2005-05-12T00:00:00
db:	NVD	id:	CVE-2005-1579	date:	2005-05-12T04:00:00