Details of VAR-200512-0297

ID

VAR-200512-0297

CVE

CVE-2005-3710

TITLE

Apple QuickTime fails to properly handle corrupt media files

Trust: 0.8

sources: CERT/CC: VU#921193

DESCRIPTION

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Apple's QuickTime is a player for files and streaming media in a variety of different formats. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote integer-overflow vulnerability. This issue presents itself when the application processes a specially crafted TIFF file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. Fortinet Security Advisory: FSA-2006-03 Apple QuickTime Player ImageWidth Denial of Service Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : Medium Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Denial of Service Vulnerability in the Apple QuickTime Player. This is due to application failure to sanitize the parameter ImageWidth value while parsing TIFF image files. Impact : Denial of Service Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----

Trust: 5.76

sources: NVD: CVE-2005-3710 // CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // JVNDB: JVNDB-2005-000858 // BID: 16867 // VULHUB: VHN-14918 // PACKETSTORM: 43079 // PACKETSTORM: 43062

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 4.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	lte	version:	7.0.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	windows 2000	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	windows xp	scope:	eq	version:	sp3	Trust: 0.8
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.3	Trust: 0.6
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	ne	version:	7.0.4	Trust: 0.3

sources: CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // BID: 16867 // JVNDB: JVNDB-2005-000858 // CNNVD: CNNVD-200512-926 // NVD: CVE-2005-3710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3710
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#921193
value:	43.88
Trust: 0.8
CARNEGIE MELLON:	VU#629845
value:	18.23
Trust: 0.8
CARNEGIE MELLON:	VU#115729
value:	3.85
Trust: 0.8
CARNEGIE MELLON:	VU#150753
value:	32.63
Trust: 0.8
CARNEGIE MELLON:	VU#913449
value:	3.85
Trust: 0.8
CNNVD:	CNNVD-200512-926
value:	HIGH
Trust: 0.6
VULHUB:	VHN-14918
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-3710
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14918
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // VULHUB: VHN-14918 // CNNVD: CNNVD-200512-926 // NVD: CVE-2005-3710

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.1

sources: VULHUB: VHN-14918 // NVD: CVE-2005-3710

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 43079 // CNNVD: CNNVD-200512-926

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200512-926

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000858

PATCH

title:	Download the Standalone QuickTime Player	url:	http://www.apple.com/jp/quicktime/download/standalone.html	Trust: 0.8
title:	TA23845	url:	http://support.apple.com/kb/TA23845?viewlocale=ja_JP	Trust: 0.8
title:	TA06-011A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html	Trust: 0.8

sources: JVNDB: JVNDB-2005-000858

EXTERNAL IDS

db:	SECUNIA	id:	18370	Trust: 4.9
db:	CERT/CC	id:	VU#150753	Trust: 3.4
db:	NVD	id:	CVE-2005-3710	Trust: 3.0
db:	BID	id:	16202	Trust: 2.6
db:	USCERT	id:	TA06-011A	Trust: 2.6
db:	OSVDB	id:	22337	Trust: 2.5
db:	CERT/CC	id:	VU#921193	Trust: 1.7
db:	CERT/CC	id:	VU#629845	Trust: 1.7
db:	CERT/CC	id:	VU#115729	Trust: 1.7
db:	CERT/CC	id:	VU#913449	Trust: 1.7
db:	VUPEN	id:	ADV-2006-0128	Trust: 1.7
db:	SECTRACK	id:	1015465	Trust: 1.7
db:	SREASON	id:	347	Trust: 1.7
db:	SECTRACK	id:	1015466	Trust: 0.8
db:	JVNDB	id:	JVNDB-2005-000858	Trust: 0.8
db:	CNNVD	id:	CNNVD-200512-926	Trust: 0.7
db:	CERT/CC	id:	TA06-011A	Trust: 0.6
db:	NSFOCUS	id:	8392	Trust: 0.6
db:	NSFOCUS	id:	8392※8395※8394※8393	Trust: 0.6
db:	NSFOCUS	id:	8395	Trust: 0.6
db:	NSFOCUS	id:	8393	Trust: 0.6
db:	NSFOCUS	id:	8394	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2006-01-10	Trust: 0.6
db:	XF	id:	24059	Trust: 0.6
db:	FULLDISC	id:	20060112 FORTINET ADVISORY - APPLE QUICKTIME PLAYER IMAGEWIDTH DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20060112 FORTINET ADVISORY - APPLE QUICKTIME PLAYER IMAGEWIDTH DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	BID	id:	16867	Trust: 0.4
db:	PACKETSTORM	id:	43079	Trust: 0.2
db:	VULHUB	id:	VHN-14918	Trust: 0.1
db:	PACKETSTORM	id:	43062	Trust: 0.1

sources: CERT/CC: VU#921193 // CERT/CC: VU#629845 // CERT/CC: VU#115729 // CERT/CC: VU#150753 // CERT/CC: VU#913449 // VULHUB: VHN-14918 // BID: 16867 // JVNDB: JVNDB-2005-000858 // PACKETSTORM: 43079 // PACKETSTORM: 43062 // CNNVD: CNNVD-200512-926 // NVD: CVE-2005-3710

REFERENCES

url:	http://docs.info.apple.com/article.html?artnum=303101	Trust: 5.0
url:	http://secunia.com/advisories/18370/	Trust: 3.2
url:	http://www.securityfocus.com/bid/16202	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/150753	Trust: 2.5
url:	http://www.us-cert.gov/cas/techalerts/ta06-011a.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0440.html	Trust: 1.7
url:	http://www.osvdb.org/22337	Trust: 1.7
url:	http://securitytracker.com/id?1015465	Trust: 1.7
url:	http://secunia.com/advisories/18370	Trust: 1.7
url:	http://securityreason.com/securityalert/347	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/421797/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/0128	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24059	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710	Trust: 0.9
url:	http://www.eeye.com/html/research/advisories/ad20060111a.html	Trust: 0.8
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=22337	Trust: 0.8
url:	http://www.eeye.com/html/research/advisories/ad20060111d.html	Trust: 0.8
url:	http://securitytracker.com/alerts/2006/jan/1015466.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707	Trust: 0.8
url:	http://jvn.jp/cert/jvnta06-011a/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/629845	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/921193	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/115729	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/913449	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/0128	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/24059	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/421797/100/0/threaded	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/8392※8395※8394※8393	Trust: 0.6
url:	http://www.apple.com/quicktime/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2005-3710	Trust: 0.2
url:	http://www.securityfocus.com/bid/16202/info	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/913449>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2005-4092	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/629845>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta06-011a.html>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=302810>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/115729>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2005-3707	Trust: 0.1
url:	http://www.apple.com/support/downloads/quicktime704.html>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2005-2340	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/921193>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2005-3713	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/150753>	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=303101>	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1

CREDITS

Dejun Meng vulnmonitor@fortinet.com

Trust: 0.6

sources: CNNVD: CNNVD-200512-926

SOURCES

db:	CERT/CC	id:	VU#921193
db:	CERT/CC	id:	VU#629845
db:	CERT/CC	id:	VU#115729
db:	CERT/CC	id:	VU#150753
db:	CERT/CC	id:	VU#913449
db:	VULHUB	id:	VHN-14918
db:	BID	id:	16867
db:	JVNDB	id:	JVNDB-2005-000858
db:	PACKETSTORM	id:	43079
db:	PACKETSTORM	id:	43062
db:	CNNVD	id:	CNNVD-200512-926
db:	NVD	id:	CVE-2005-3710

LAST UPDATE DATE

2024-09-19T00:59:03.868000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#921193	date:	2006-01-12T00:00:00
db:	CERT/CC	id:	VU#629845	date:	2006-01-13T00:00:00
db:	CERT/CC	id:	VU#115729	date:	2006-01-11T00:00:00
db:	CERT/CC	id:	VU#150753	date:	2006-01-13T00:00:00
db:	CERT/CC	id:	VU#913449	date:	2006-01-31T00:00:00
db:	VULHUB	id:	VHN-14918	date:	2018-10-19T00:00:00
db:	BID	id:	16867	date:	2008-05-01T21:16:00
db:	JVNDB	id:	JVNDB-2005-000858	date:	2009-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200512-926	date:	2006-05-24T00:00:00
db:	NVD	id:	CVE-2005-3710	date:	2018-10-19T15:38:54.153

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#921193	date:	2006-01-11T00:00:00
db:	CERT/CC	id:	VU#629845	date:	2006-01-11T00:00:00
db:	CERT/CC	id:	VU#115729	date:	2006-01-11T00:00:00
db:	CERT/CC	id:	VU#150753	date:	2006-01-11T00:00:00
db:	CERT/CC	id:	VU#913449	date:	2006-01-11T00:00:00
db:	VULHUB	id:	VHN-14918	date:	2005-12-31T00:00:00
db:	BID	id:	16867	date:	2006-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2005-000858	date:	2009-04-03T00:00:00
db:	PACKETSTORM	id:	43079	date:	2006-01-15T16:42:59
db:	PACKETSTORM	id:	43062	date:	2006-01-15T15:39:24
db:	CNNVD	id:	CNNVD-200512-926	date:	2005-12-31T00:00:00
db:	NVD	id:	CVE-2005-3710	date:	2005-12-31T05:00:00