Details of VAR-200609-0309

ID

VAR-200609-0309

CVE

CVE-2006-4381

TITLE

Apple QuickTime fails to properly handle FLC movies

Trust: 0.8

sources: CERT/CC: VU#489836

DESCRIPTION

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-256A Apple QuickTime Vulnerabilities Original release date: September 13, 2006 Last revised: -- Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows Overview Apple QuickTime contains multiple vulnerabilities. I. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page. Note that QuickTime ships with Apple iTunes. For more information, please refer to the Vulnerability Notes. II. For further information, please see the Vulnerability Notes. III. Solution Upgrade QuickTime Upgrade to QuickTime 7.1.3. This and other updates for Mac OS X are available via Apple Update. Disable QuickTime in your web browser An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document. References * Vulnerability Notes for QuickTime 7.1.3 - <http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_713> * About the security content of the QuickTime 7.1.3 Update - <http://docs.info.apple.com/article.html?artnum=304357> * Apple QuickTime 7.1.3 - <http://www.apple.com/support/downloads/quicktime713.html> * Standalone Apple QuickTime Player - <http://www.apple.com/quicktime/download/standalone.html> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-256A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-256A Feedback VU#540348" in the subject. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History September 13, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO 8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s FzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa m19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE pZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG R59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg== =nQVd -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21893 VERIFY ADVISORY: http://secunia.com/advisories/21893/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 2) A boundary error within the processing of QuickTime movies can be exploited to cause a buffer overflow. 3) A boundary error within the processing of FLC movies can be exploited to cause a heap-based buffer overflow via a FLC movie with a specially crafted COLOR_64 chunk. 4) Errors within the processing of FlashPix files can be exploited to cause an integer overflow or buffer overflow. 5) An error within the processing of FlashPix files can be exploited to trigger an exception leaving an uninitialised object. 6) A boundary error within the processing of SGI images can be exploited to cause a buffer overflow. SOLUTION: Update to version 7.1.3. http://www.apple.com/quicktime/download/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Sowhat of Nevis Labs, Mike Price of McAfee AVERT Labs, and Piotr Bania. 2) Mike Price of McAfee AVERT Labs. 3) Mike Price of McAfee AVERT Labs and Ruben Santamarta. 4) Mike Price of McAfee AVERT Labs. 5) Mike Price of McAfee AVERT Labs. 6) Mike Price of McAfee AVERT Labs ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304357 iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=413 Reverse Mode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=25 Piotr Bania: http://pb.specialised.info/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 6.48

sources: NVD: CVE-2006-4381 // CERT/CC: VU#489836 // CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // JVNDB: JVNDB-2006-001144 // BID: 19976 // VULHUB: VHN-20489 // PACKETSTORM: 50016 // PACKETSTORM: 49979

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 4.8
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.2	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0.2	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lte	version:	7.1.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lt	version:	7.1.3	Trust: 0.8
vendor:	gentoo	model:	media-libs/win32codecs 20071007-r2	scope:	-	version:	-	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	ne	version:	7.1.3	Trust: 0.3

sources: CERT/CC: VU#489836 // CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // BID: 19976 // JVNDB: JVNDB-2006-001144 // CNNVD: CNNVD-200609-160 // NVD: CVE-2006-4381

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4381
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#489836
value:	27.00
Trust: 0.8
CARNEGIE MELLON:	VU#308204
value:	27.00
Trust: 0.8
CARNEGIE MELLON:	VU#200316
value:	0.08
Trust: 0.8
CARNEGIE MELLON:	VU#683700
value:	2.73
Trust: 0.8
CARNEGIE MELLON:	VU#554252
value:	27.00
Trust: 0.8
CARNEGIE MELLON:	VU#540348
value:	27.00
Trust: 0.8
NVD:	CVE-2006-4381
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200609-160
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-20489
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-4381
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-20489
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#489836 // CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // VULHUB: VHN-20489 // JVNDB: JVNDB-2006-001144 // CNNVD: CNNVD-200609-160 // NVD: CVE-2006-4381

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-160

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200609-160

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001144

PATCH

title:

APPLE-SA-2006-09-12

url:

http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-001144

EXTERNAL IDS

db:	SECUNIA	id:	21893	Trust: 5.8
db:	NVD	id:	CVE-2006-4381	Trust: 2.8
db:	BID	id:	19976	Trust: 2.0
db:	SECTRACK	id:	1016830	Trust: 1.7
db:	OSVDB	id:	28774	Trust: 1.7
db:	VUPEN	id:	ADV-2006-3577	Trust: 1.7
db:	SREASON	id:	1551	Trust: 1.7
db:	CERT/CC	id:	VU#308204	Trust: 1.1
db:	CERT/CC	id:	VU#200316	Trust: 1.1
db:	CERT/CC	id:	VU#683700	Trust: 1.1
db:	CERT/CC	id:	VU#554252	Trust: 1.1
db:	CERT/CC	id:	VU#540348	Trust: 1.1
db:	USCERT	id:	TA06-256A	Trust: 0.9
db:	CERT/CC	id:	VU#489836	Trust: 0.8
db:	JVNDB	id:	JVNDB-2006-001144	Trust: 0.8
db:	CNNVD	id:	CNNVD-200609-160	Trust: 0.7
db:	XF	id:	28928	Trust: 0.6
db:	XF	id:	264	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2006-09-12	Trust: 0.6
db:	BUGTRAQ	id:	20060912 APPLE QUICKTIME H.264 INTEGER OVERFLOW VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-20489	Trust: 0.1
db:	PACKETSTORM	id:	50016	Trust: 0.1
db:	PACKETSTORM	id:	49979	Trust: 0.1

sources: CERT/CC: VU#489836 // CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // VULHUB: VHN-20489 // BID: 19976 // JVNDB: JVNDB-2006-001144 // PACKETSTORM: 50016 // PACKETSTORM: 49979 // CNNVD: CNNVD-200609-160 // NVD: CVE-2006-4381

REFERENCES

url:	http://docs.info.apple.com/article.html?artnum=304357	Trust: 5.0
url:	http://secunia.com/advisories/21893/	Trust: 4.1
url:	http://www.apple.com/support/downloads/quicktime713.html	Trust: 3.2
url:	http://www.apple.com/quicktime/download/standalone.html	Trust: 3.2
url:	http://www.us-cert.gov/reading_room/securing_browser/	Trust: 3.2
url:	http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/19976	Trust: 1.7
url:	http://secway.org/advisory/ad20060912.txt	Trust: 1.7
url:	http://www.osvdb.org/28774	Trust: 1.7
url:	http://securitytracker.com/id?1016830	Trust: 1.7
url:	http://secunia.com/advisories/21893	Trust: 1.7
url:	http://securityreason.com/securityalert/1551	Trust: 1.7
url:	http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/445830/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/3577	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/28928	Trust: 1.1
url:	http://www.apple.com/quicktime/download/	Trust: 0.9
url:	http://www.us-cert.gov/cas/techalerts/ta06-256a.html	Trust: 0.8
url:	http://www.cert.org/tech_tips/before_you_plug_in.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4381	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4381	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/445830/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/3577	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/28928	Trust: 0.6
url:	http://www.apple.com/quicktime/	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/200316	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/308204	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/540348	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/554252	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/683700	Trust: 0.3
url:	/archive/1/445830	Trust: 0.3
url:	/archive/1/445831	Trust: 0.3
url:	/archive/1/445888	Trust: 0.3
url:	http://docs.info.apple.com/article.html?artnum=304357>	Trust: 0.1
url:	http://www.apple.com/support/downloads/quicktime713.html>	Trust: 0.1
url:	http://www.apple.com/quicktime/download/standalone.html>	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/byid?searchview&query=quicktime_713>	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=106704>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta06-256a.html>	Trust: 0.1
url:	http://www.us-cert.gov/reading_room/securing_browser/>	Trust: 0.1
url:	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=413	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5090/	Trust: 0.1
url:	http://secunia.com/quality_assurance_analyst/	Trust: 0.1
url:	http://www.reversemode.com/index.php?option=com_remository&itemid=2&func=fileinfo&id=25	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://pb.specialised.info/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/web_application_security_specialist/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#489836 // CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // VULHUB: VHN-20489 // BID: 19976 // JVNDB: JVNDB-2006-001144 // PACKETSTORM: 50016 // PACKETSTORM: 49979 // CNNVD: CNNVD-200609-160 // NVD: CVE-2006-4381

CREDITS

Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com Ruben Santamarta ruben@reversemode.com

Trust: 0.6

sources: CNNVD: CNNVD-200609-160

SOURCES

db:	CERT/CC	id:	VU#489836
db:	CERT/CC	id:	VU#308204
db:	CERT/CC	id:	VU#200316
db:	CERT/CC	id:	VU#683700
db:	CERT/CC	id:	VU#554252
db:	CERT/CC	id:	VU#540348
db:	VULHUB	id:	VHN-20489
db:	BID	id:	19976
db:	JVNDB	id:	JVNDB-2006-001144
db:	PACKETSTORM	id:	50016
db:	PACKETSTORM	id:	49979
db:	CNNVD	id:	CNNVD-200609-160
db:	NVD	id:	CVE-2006-4381

LAST UPDATE DATE

2024-08-14T13:02:19.224000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#489836	date:	2006-09-14T00:00:00
db:	CERT/CC	id:	VU#308204	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#200316	date:	2006-09-15T00:00:00
db:	CERT/CC	id:	VU#683700	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#554252	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#540348	date:	2006-09-13T00:00:00
db:	VULHUB	id:	VHN-20489	date:	2018-10-17T00:00:00
db:	BID	id:	19976	date:	2008-03-04T23:32:00
db:	JVNDB	id:	JVNDB-2006-001144	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-160	date:	2006-09-15T00:00:00
db:	NVD	id:	CVE-2006-4381	date:	2018-10-17T21:36:48.993

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#489836	date:	2006-09-14T00:00:00
db:	CERT/CC	id:	VU#308204	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#200316	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#683700	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#554252	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#540348	date:	2006-09-13T00:00:00
db:	VULHUB	id:	VHN-20489	date:	2006-09-12T00:00:00
db:	BID	id:	19976	date:	2006-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2006-001144	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	50016	date:	2006-09-14T07:23:59
db:	PACKETSTORM	id:	49979	date:	2006-09-13T17:03:55
db:	CNNVD	id:	CNNVD-200609-160	date:	2006-09-12T00:00:00
db:	NVD	id:	CVE-2006-4381	date:	2006-09-12T23:07:00