ID

VAR-200511-0174


CVE

CVE-2005-2755


TITLE

Apple QuickTime PictureViewer PICT data decompression buffer overflow

Trust: 0.8

sources: CERT/CC: VU#855118

DESCRIPTION

Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference. Apple QuickTime PictureViewer contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system.

QuickTime is prone to a denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions. Successful exploitation of this vulnerability will cause the application to crash, effectively denying service to legitimate users. This issue affects both the Microsoft Windows and Apple versions of QuickTime.

CVE-ID: CVE-2005-2755
Original location: http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt
Severity: Critical - attack against any application loading remotely-originated content.

Software affected:
QuickTime package 7.0.1 for Mac OS X 10.3
QuickTime package 7.0.1 for Mac OS X 10.4
QuickTime package 6.5.2 for Mac OS X 10.3
QuickTime package 6.5.2 for Mac OS X 10.2
QuickTime package 7* for Windows
Older versions may also be vulnerable.

Note: The following versions are not vulnerable, because I reported the vulnerabilities before their release:
QuickTime package 7.0.2 for Mac OS X 10.3
QuickTime package 7.0.2 for Mac OS X 10.4

0. DISCLAIMER
The author takes no responsibility for any actions taken with the provided information or code. The copyright for any material created by the author is reserved. Any duplication of the code or text provided here in electronic or printed publications is not permitted without the author's agreement.

I. BACKGROUND
Apple QuickTime Player is one of the Apple QuickTime components used by hundreds of millions of users.

II. A missing movie attribute is interpreted as an extension, but the absence of the extension is not flagged as an error, resulting in a de-reference of a NULL pointer.

III. POC CODE
Due to the severity of this bug, I will not release any proof-of-concept code for this issue.

IV. VENDOR RESPONSE
The vendor (Apple) has been notified and has released all necessary patches.

best regards,
Piotr Bania - <bania.piotr@gmail.com> - http://pb.specialised.info

TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA17428
VERIFY ADVISORY: http://secunia.com/advisories/17428/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE: From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
Apple Quicktime 6.x
http://secunia.com/product/810/

DESCRIPTION:
Piotr Bania has reported some vulnerabilities in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

1) An integer overflow error exists in the handling of a "Pascal" style string when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.

2) An integer overflow error exists in the handling of certain movie attributes when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.

This may be exploited to crash an application that uses QuickTime when a specially crafted video file is loaded.

4) A boundary error exists in the QuickTime PictureViewer when decompressing PICT data. This may be exploited to cause a memory overwrite, potentially allowing arbitrary code execution via a specially crafted PICT picture file.

Prior versions may also be affected.

SOLUTION:
Update to version 7.0.3.
http://www.apple.com/support/downloads/quicktime703.html

PROVIDED AND/OR DISCOVERED BY:
Piotr Bania

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302772
Piotr Bania:
http://pb.specialised.info/all/adv/quicktime-mov-io1-adv.txt
http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt
http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt
http://pb.specialised.info/all/adv/quicktime-pict-adv.txt

Trust: 2.25

sources: NVD: CVE-2005-2755 // CERT/CC: VU#855118 // BID: 15307 // VULHUB: VHN-13964 // VULMON: CVE-2005-2755 // PACKETSTORM: 41278 // PACKETSTORM: 41264

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:eqversion:6.5.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.6

vendor:applemodel:quicktimescope:lteversion:7.0.2

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.0.3

Trust: 0.3

sources: CERT/CC: VU#855118 // BID: 15307 // CNNVD: CNNVD-200511-123 // NVD: CVE-2005-2755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-2755
value: LOW

Trust: 1.0

CARNEGIE MELLON: VU#855118
value: 8.61

Trust: 0.8

CNNVD: CNNVD-200511-123
value: LOW

Trust: 0.6

VULHUB: VHN-13964
value: LOW

Trust: 0.1

VULMON: CVE-2005-2755
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2005-2755
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-13964
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#855118 // VULHUB: VHN-13964 // VULMON: CVE-2005-2755 // CNNVD: CNNVD-200511-123 // NVD: CVE-2005-2755

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2755

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 41278 // CNNVD: CNNVD-200511-123

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200511-123

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-13964

EXTERNAL IDS

db:SECUNIAid:17428

Trust: 2.7

db:NVDid:CVE-2005-2755

Trust: 2.2

db:BIDid:15307

Trust: 2.1

db:VUPENid:ADV-2005-2293

Trust: 1.8

db:SREASONid:145

Trust: 1.8

db:SECTRACKid:1015152

Trust: 1.8

db:OSVDBid:20477

Trust: 1.8

db:OSVDBid:20478

Trust: 0.8

db:CERT/CCid:VU#855118

Trust: 0.8

db:CNNVDid:CNNVD-200511-123

Trust: 0.7

db:BUGTRAQid:20051104 ADVISORY: APPLE QUICKTIME PLAYER REMOTE DENIAL OF SERVICE

Trust: 0.6

db:FULLDISCid:20051103 ADVISORY: APPLE QUICKTIME PLAYER REMOTE DENIAL OF SERVICE

Trust: 0.6

db:PACKETSTORMid:41278

Trust: 0.2

db:VULHUBid:VHN-13964

Trust: 0.1

db:VULMONid:CVE-2005-2755

Trust: 0.1

db:PACKETSTORMid:41264

Trust: 0.1

sources: CERT/CC: VU#855118 // VULHUB: VHN-13964 // VULMON: CVE-2005-2755 // BID: 15307 // PACKETSTORM: 41278 // PACKETSTORM: 41264 // CNNVD: CNNVD-200511-123 // NVD: CVE-2005-2755

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=302772

Trust: 3.0

url:http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt

Trust: 2.0

url:http://www.securityfocus.com/bid/15307

Trust: 1.9

url:http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0102.html

Trust: 1.8

url:http://www.osvdb.org/20477

Trust: 1.8

url:http://securitytracker.com/id?1015152

Trust: 1.8

url:http://secunia.com/advisories/17428

Trust: 1.8

url:http://securityreason.com/securityalert/145

Trust: 1.8

url:http://www.securityfocus.com/archive/1/415717/30/0/threaded

Trust: 1.2

url:http://www.vupen.com/english/advisories/2005/2293

Trust: 1.2

url:http://secunia.com/advisories/17428/

Trust: 0.9

url:http://pb.specialised.info/all/adv/quicktime-pict-adv.txt

Trust: 0.9

url:http://www.osvdb.org/displayvuln.php?osvdb_id=20478

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/415717/30/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2005/2293

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:/archive/1/415717

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-2755

Trust: 0.1

url:http://pb.specialised.info

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime703.html

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/5090/

Trust: 0.1

url:http://secunia.com/product/810/

Trust: 0.1

url:http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://pb.specialised.info/all/adv/quicktime-mov-io1-adv.txt

Trust: 0.1

sources: CERT/CC: VU#855118 // VULHUB: VHN-13964 // VULMON: CVE-2005-2755 // BID: 15307 // PACKETSTORM: 41278 // PACKETSTORM: 41264 // CNNVD: CNNVD-200511-123 // NVD: CVE-2005-2755

CREDITS

Piotr Bania bania.piotr@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200511-123

SOURCES

db:CERT/CCid:VU#855118
db:VULHUBid:VHN-13964
db:VULMONid:CVE-2005-2755
db:BIDid:15307
db:PACKETSTORMid:41278
db:PACKETSTORMid:41264
db:CNNVDid:CNNVD-200511-123
db:NVDid:CVE-2005-2755

LAST UPDATE DATE

2024-08-14T14:00:33.037000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#855118date:2005-11-08T00:00:00
db:VULHUBid:VHN-13964date:2018-10-19T00:00:00
db:VULMONid:CVE-2005-2755date:2018-10-19T00:00:00
db:BIDid:15307date:2005-11-03T00:00:00
db:CNNVDid:CNNVD-200511-123date:2006-08-28T00:00:00
db:NVDid:CVE-2005-2755date:2018-10-19T15:33:36.260

SOURCES RELEASE DATE

db:CERT/CCid:VU#855118date:2005-11-08T00:00:00
db:VULHUBid:VHN-13964date:2005-11-05T00:00:00
db:VULMONid:CVE-2005-2755date:2005-11-05T00:00:00
db:BIDid:15307date:2005-11-03T00:00:00
db:PACKETSTORMid:41278date:2005-11-04T17:20:19
db:PACKETSTORMid:41264date:2005-11-04T17:09:11
db:CNNVDid:CNNVD-200511-123date:2005-11-05T00:00:00
db:NVDid:CVE-2005-2755date:2005-11-05T11:02:00