ID

VAR-200512-0294


CVE

CVE-2005-3707


TITLE

Apple QuickTime fails to properly handle corrupt media files

Trust: 0.8

sources: CERT/CC: VU#921193

DESCRIPTION

Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. Apple's QuickTime is a player for files and streaming media in a variety of different formats. For more information, see the information provided by the vendor. QuickTime is prone to a remote buffer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TGA image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-04 Apple QuickTime Player Improper Memory Access Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Improper Memory Access Vulnerability in the Apple QuickTime Player. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Trust: 5.76

sources: NVD: CVE-2005-3707 // CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // JVNDB: JVNDB-2005-000858 // BID: 16872 // VULHUB: VHN-14915 // PACKETSTORM: 43080 // PACKETSTORM: 43062

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 4.0

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.6

vendor:applemodel:quicktimescope:lteversion:7.0.3

Trust: 1.0

vendor:applemodel:mac os xscope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:sp3

Trust: 0.8

vendor:applemodel:quicktimescope:eqversion:7.0.3

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.0.4

Trust: 0.3

sources: CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // BID: 16872 // JVNDB: JVNDB-2005-000858 // CNNVD: CNNVD-200512-710 // NVD: CVE-2005-3707

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3707
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#921193
value: 43.88

Trust: 0.8

CARNEGIE MELLON: VU#629845
value: 18.23

Trust: 0.8

CARNEGIE MELLON: VU#115729
value: 3.85

Trust: 0.8

CARNEGIE MELLON: VU#150753
value: 32.63

Trust: 0.8

CARNEGIE MELLON: VU#913449
value: 3.85

Trust: 0.8

CNNVD: CNNVD-200512-710
value: HIGH

Trust: 0.6

VULHUB: VHN-14915
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-3707
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-14915
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // VULHUB: VHN-14915 // CNNVD: CNNVD-200512-710 // NVD: CVE-2005-3707

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3707

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 43080 // CNNVD: CNNVD-200512-710

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200512-710

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000858

PATCH

title:Download the Standalone QuickTime Playerurl:http://www.apple.com/jp/quicktime/download/standalone.html

Trust: 0.8

title:TA23845url:http://support.apple.com/kb/TA23845?viewlocale=ja_JP

Trust: 0.8

title:TA06-011Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html

Trust: 0.8

sources: JVNDB: JVNDB-2005-000858

EXTERNAL IDS

db:SECUNIAid:18370

Trust: 4.9

db:CERT/CCid:VU#115729

Trust: 3.4

db:NVDid:CVE-2005-3707

Trust: 3.0

db:BIDid:16202

Trust: 2.6

db:USCERTid:TA06-011A

Trust: 2.6

db:CERT/CCid:VU#921193

Trust: 1.7

db:CERT/CCid:VU#629845

Trust: 1.7

db:CERT/CCid:VU#150753

Trust: 1.7

db:CERT/CCid:VU#913449

Trust: 1.7

db:SECTRACKid:1015464

Trust: 1.7

db:VUPENid:ADV-2006-0128

Trust: 1.7

db:OSVDBid:22336

Trust: 1.7

db:OSVDBid:22337

Trust: 0.8

db:SECTRACKid:1015466

Trust: 0.8

db:JVNDBid:JVNDB-2005-000858

Trust: 0.8

db:CNNVDid:CNNVD-200512-710

Trust: 0.7

db:CERT/CCid:TA06-011A

Trust: 0.6

db:NSFOCUSid:8393※8395※8392※8394

Trust: 0.6

db:NSFOCUSid:8395

Trust: 0.6

db:NSFOCUSid:8392

Trust: 0.6

db:NSFOCUSid:8393

Trust: 0.6

db:NSFOCUSid:8394

Trust: 0.6

db:XFid:24056

Trust: 0.6

db:FULLDISCid:20060112 FORTINET SECURITY ADVISORY: "APPLE QUICKTIME PLAYER IMPROPER MEMORY ACCESS VULNERABILITY"

Trust: 0.6

db:APPLEid:APPLE-SA-2006-01-10

Trust: 0.6

db:BIDid:16872

Trust: 0.4

db:PACKETSTORMid:43080

Trust: 0.2

db:VULHUBid:VHN-14915

Trust: 0.1

db:PACKETSTORMid:43062

Trust: 0.1

sources: CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // VULHUB: VHN-14915 // BID: 16872 // JVNDB: JVNDB-2005-000858 // PACKETSTORM: 43080 // PACKETSTORM: 43062 // CNNVD: CNNVD-200512-710 // NVD: CVE-2005-3707

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=303101

Trust: 5.0

url:http://secunia.com/advisories/18370/

Trust: 3.2

url:http://www.securityfocus.com/bid/16202

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/115729

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta06-011a.html

Trust: 1.7

url:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html

Trust: 1.7

url:http://www.osvdb.org/22336

Trust: 1.7

url:http://securitytracker.com/id?1015464

Trust: 1.7

url:http://secunia.com/advisories/18370

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0128

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24056

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707

Trust: 0.9

url:http://www.eeye.com/html/research/advisories/ad20060111a.html

Trust: 0.8

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

url:http://www.osvdb.org/displayvuln.php?osvdb_id=22337

Trust: 0.8

url:http://www.eeye.com/html/research/advisories/ad20060111d.html

Trust: 0.8

url:http://securitytracker.com/alerts/2006/jan/1015466.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710

Trust: 0.8

url:http://jvn.jp/cert/jvnta06-011a/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/629845

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/921193

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/150753

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/913449

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/0128

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24056

Trust: 0.6

url:http://www.nsfocus.net/vulndb/8393※8395※8392※8394

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2005-3707

Trust: 0.2

url:http://secunia.com/

Trust: 0.1

url:http://www.securityfocus.com/bid/16202/info

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/913449>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-3710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-4092

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/629845>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta06-011a.html>

Trust: 0.1

url:http://www.us-cert.gov/cas/signup.html>.

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=302810>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/115729>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340>

Trust: 0.1

url:http://www.apple.com/support/downloads/quicktime704.html>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-2340

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/921193>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-3713

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/150753>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=303101>

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

sources: CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // VULHUB: VHN-14915 // BID: 16872 // JVNDB: JVNDB-2005-000858 // PACKETSTORM: 43080 // PACKETSTORM: 43062 // CNNVD: CNNVD-200512-710 // NVD: CVE-2005-3707

CREDITS

Dejun Meng

Trust: 0.7

sources: PACKETSTORM: 43080 // CNNVD: CNNVD-200512-710

SOURCES

db:CERT/CCid:VU#921193
db:CERT/CCid:VU#629845
db:CERT/CCid:VU#115729
db:CERT/CCid:VU#150753
db:CERT/CCid:VU#913449
db:VULHUBid:VHN-14915
db:BIDid:16872
db:JVNDBid:JVNDB-2005-000858
db:PACKETSTORMid:43080
db:PACKETSTORMid:43062
db:CNNVDid:CNNVD-200512-710
db:NVDid:CVE-2005-3707

LAST UPDATE DATE

2024-12-21T23:04:42.129000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#921193date:2006-01-12T00:00:00
db:CERT/CCid:VU#629845date:2006-01-13T00:00:00
db:CERT/CCid:VU#115729date:2006-01-11T00:00:00
db:CERT/CCid:VU#150753date:2006-01-13T00:00:00
db:CERT/CCid:VU#913449date:2006-01-31T00:00:00
db:VULHUBid:VHN-14915date:2017-07-11T00:00:00
db:BIDid:16872date:2008-05-01T21:36:00
db:JVNDBid:JVNDB-2005-000858date:2009-04-03T00:00:00
db:CNNVDid:CNNVD-200512-710date:2006-05-24T00:00:00
db:NVDid:CVE-2005-3707date:2024-11-21T00:02:29.240

SOURCES RELEASE DATE

db:CERT/CCid:VU#921193date:2006-01-11T00:00:00
db:CERT/CCid:VU#629845date:2006-01-11T00:00:00
db:CERT/CCid:VU#115729date:2006-01-11T00:00:00
db:CERT/CCid:VU#150753date:2006-01-11T00:00:00
db:CERT/CCid:VU#913449date:2006-01-11T00:00:00
db:VULHUBid:VHN-14915date:2005-12-31T00:00:00
db:BIDid:16872date:2006-01-10T00:00:00
db:JVNDBid:JVNDB-2005-000858date:2009-04-03T00:00:00
db:PACKETSTORMid:43080date:2006-01-15T16:45:18
db:PACKETSTORMid:43062date:2006-01-15T15:39:24
db:CNNVDid:CNNVD-200512-710date:2005-12-31T00:00:00
db:NVDid:CVE-2005-3707date:2005-12-31T05:00:00