Details of VAR-200609-0310

ID

VAR-200609-0310

CVE

CVE-2006-4382

TITLE

Apple QuickTime fails to properly handle SGI images

Trust: 0.8

sources: CERT/CC: VU#308204

DESCRIPTION

Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. McAfee, Inc. QuickTime is used by the Mac OS X operating system and by the QuickTime media player for Microsoft Windows. Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI. Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed. The risk rating for these issues is medium. _________________________________________________ * Vulnerable Systems QuickTime 7.1.2 and below for Mac OS X QuickTime for Windows 7.1.2 and below _________________________________________________ * Vulnerability Information CVE-2006-4382 Two buffer overflow vulnerabilities are present in QuickTime MOV format support. CVE-2006-4384 On heap overflow vulnerability is present in QuickTime FLC format support. CVE-2006-4385 One buffer overflow vulnerability is present in QuickTime SGI format support. CVE-2006-4386 One buffer overflow vulnerability is present in QuickTime MOV H.264 format support. CVE-2006-4388 One buffer overflow vulnerability is present in QuickTime FlashPix (FPX) format support. CVE-2006-4389 One uninitialized memory access vulnerability is present in QuickTime FlashPix (FPX) format support. _________________________________________________ * Resolution Apple has included fixes for the QuickTime issues in QuickTime version 7.1.3 for Mac OS X and for Microsoft Windows. Further information is available at: http://docs.info.apple.com/article.html?artnum=304357 _________________________________________________ * Credits These vulnerabilities were discovered by Mike Price of McAfee Avert Labs. _________________________________________________ * Legal Notice Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. Best regards, Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Win32 binary codecs: Multiple vulnerabilities Date: March 04, 2008 Bugs: #150288 ID: 200803-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in the Win32 codecs for Linux may result in the remote execution of arbitrary code. Background ========== Win32 binary codecs provide support for video and audio playback. Workaround ========== There is no known workaround at this time. Resolution ========== All Win32 binary codecs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2" Note: Since no updated binary versions have been released, the Quicktime libraries have been removed from the package. Please use the free alternative Quicktime implementations within VLC, MPlayer or Xine for playback. References ========== [ 1 ] CVE-2006-4382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382 [ 2 ] CVE-2006-4384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384 [ 3 ] CVE-2006-4385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385 [ 4 ] CVE-2006-4386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386 [ 5 ] CVE-2006-4388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388 [ 6 ] CVE-2006-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389 [ 7 ] CVE-2007-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674 [ 8 ] CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e VpxOGmsa3V34PILWdYXqoXE= =70De -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 5.76

sources: NVD: CVE-2006-4382 // CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // JVNDB: JVNDB-2006-000934 // BID: 19976 // VULHUB: VHN-20490 // PACKETSTORM: 50015 // PACKETSTORM: 64267

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 4.0
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.5.2	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0.2	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	6.0	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	lte	version:	7.1.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	quicktime	scope:	eq	version:	7.1.3	Trust: 0.8
vendor:	gentoo	model:	media-libs/win32codecs 20071007-r2	scope:	-	version:	-	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.5	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	ne	version:	7.1.3	Trust: 0.3

sources: CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // BID: 19976 // JVNDB: JVNDB-2006-000934 // CNNVD: CNNVD-200609-157 // NVD: CVE-2006-4382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4382
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#308204
value:	27.00
Trust: 0.8
CARNEGIE MELLON:	VU#200316
value:	0.08
Trust: 0.8
CARNEGIE MELLON:	VU#683700
value:	2.73
Trust: 0.8
CARNEGIE MELLON:	VU#554252
value:	27.00
Trust: 0.8
CARNEGIE MELLON:	VU#540348
value:	27.00
Trust: 0.8
CNNVD:	CNNVD-200609-157
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-20490
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-4382
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-20490
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // VULHUB: VHN-20490 // CNNVD: CNNVD-200609-157 // NVD: CVE-2006-4382

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-157

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200609-157

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000934

PATCH

title:	HT1338	url:	http://support.apple.com/kb/HT1338?viewlocale=ja_JP	Trust: 0.8
title:	TA24355	url:	http://support.apple.com/kb/TA24355?viewlocale=ja_JP	Trust: 0.8
title:	HT1222	url:	http://support.apple.com/kb/HT1222?viewlocale=ja_JP	Trust: 0.8
title:	QuickTime 7.1.3 Update のセキュリティコンテンツについて	url:	http://www.apple.com/jp/ftp-info/reference/quicktime713.html	Trust: 0.8
title:	QuickTime - ダウンロード QuickTime Player スタンドアロン版のダウンロード	url:	http://www.apple.com/jp/quicktime/download/	Trust: 0.8
title:	TA06-256A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta06-256a.html	Trust: 0.8

sources: JVNDB: JVNDB-2006-000934

EXTERNAL IDS

db:	SECUNIA	id:	21893	Trust: 4.9
db:	CERT/CC	id:	VU#683700	Trust: 3.6
db:	USCERT	id:	TA06-256A	Trust: 3.3
db:	NVD	id:	CVE-2006-4382	Trust: 3.0
db:	BID	id:	19976	Trust: 2.0
db:	CERT/CC	id:	VU#308204	Trust: 1.9
db:	CERT/CC	id:	VU#554252	Trust: 1.9
db:	CERT/CC	id:	VU#540348	Trust: 1.9
db:	SECTRACK	id:	1016830	Trust: 1.7
db:	SECUNIA	id:	29182	Trust: 1.7
db:	OSVDB	id:	28772	Trust: 1.7
db:	SREASON	id:	1554	Trust: 1.7
db:	VUPEN	id:	ADV-2006-3577	Trust: 1.7
db:	CERT/CC	id:	VU#200316	Trust: 1.1
db:	JVNDB	id:	JVNDB-2006-000934	Trust: 0.8
db:	CNNVD	id:	CNNVD-200609-157	Trust: 0.7
db:	BUGTRAQ	id:	20060913 MULTIPLE VULNERABILITIES IN APPLE QUICKTIME	Trust: 0.6
db:	XF	id:	28929	Trust: 0.6
db:	CERT/CC	id:	TA06-256A	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2006-09-12	Trust: 0.6
db:	GENTOO	id:	GLSA-200803-08	Trust: 0.6
db:	PACKETSTORM	id:	50015	Trust: 0.2
db:	PACKETSTORM	id:	64267	Trust: 0.2
db:	VULHUB	id:	VHN-20490	Trust: 0.1

sources: CERT/CC: VU#308204 // CERT/CC: VU#200316 // CERT/CC: VU#683700 // CERT/CC: VU#554252 // CERT/CC: VU#540348 // VULHUB: VHN-20490 // BID: 19976 // JVNDB: JVNDB-2006-000934 // PACKETSTORM: 50015 // PACKETSTORM: 64267 // CNNVD: CNNVD-200609-157 // NVD: CVE-2006-4382

REFERENCES

url:	http://docs.info.apple.com/article.html?artnum=304357	Trust: 5.0
url:	http://www.us-cert.gov/cas/techalerts/ta06-256a.html	Trust: 3.3
url:	http://secunia.com/advisories/21893/	Trust: 3.2
url:	http://www.kb.cert.org/vuls/id/683700	Trust: 2.8
url:	http://www.apple.com/support/downloads/quicktime713.html	Trust: 2.4
url:	http://www.apple.com/quicktime/download/standalone.html	Trust: 2.4
url:	http://www.us-cert.gov/reading_room/securing_browser/	Trust: 2.4
url:	http://security.gentoo.org/glsa/glsa-200803-08.xml	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/19976	Trust: 1.7
url:	http://www.osvdb.org/28772	Trust: 1.7
url:	http://securitytracker.com/id?1016830	Trust: 1.7
url:	http://secunia.com/advisories/21893	Trust: 1.7
url:	http://secunia.com/advisories/29182	Trust: 1.7
url:	http://securityreason.com/securityalert/1554	Trust: 1.7
url:	http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/445888/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/3577	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/28929	Trust: 1.1
url:	http://www.kb.cert.org/vuls/id/308204	Trust: 1.1
url:	http://www.kb.cert.org/vuls/id/540348	Trust: 1.1
url:	http://www.kb.cert.org/vuls/id/554252	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389	Trust: 0.9
url:	http://www.cert.org/tech_tips/before_you_plug_in.html	Trust: 0.8
url:	http://www.apple.com/quicktime/download/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4382	Trust: 0.8
url:	http://jvn.jp/cert/jvnta06-256a/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4382	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4385	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4389	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4386	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/2006/20060913_173644.html	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/445888/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/3577	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/28929	Trust: 0.6
url:	http://www.apple.com/quicktime/	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/200316	Trust: 0.3
url:	/archive/1/445830	Trust: 0.3
url:	/archive/1/445831	Trust: 0.3
url:	/archive/1/445888	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2006-4382	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2006-4385	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2006-4384	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2006-4389	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2006-4388	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2006-4386	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2007-4674	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166	Trust: 0.1
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://enigmail.mozdev.org	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6166	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382	Trust: 0.1

CREDITS

Sowhat smaillist@gmail.com Mike PricePiotr Bania※ bania.piotr@gmail.com※Ruben Santamarta ruben@reversemode.com

Trust: 0.6

sources: CNNVD: CNNVD-200609-157

SOURCES

db:	CERT/CC	id:	VU#308204
db:	CERT/CC	id:	VU#200316
db:	CERT/CC	id:	VU#683700
db:	CERT/CC	id:	VU#554252
db:	CERT/CC	id:	VU#540348
db:	VULHUB	id:	VHN-20490
db:	BID	id:	19976
db:	JVNDB	id:	JVNDB-2006-000934
db:	PACKETSTORM	id:	50015
db:	PACKETSTORM	id:	64267
db:	CNNVD	id:	CNNVD-200609-157
db:	NVD	id:	CVE-2006-4382

LAST UPDATE DATE

2024-09-19T22:14:23.952000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#308204	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#200316	date:	2006-09-15T00:00:00
db:	CERT/CC	id:	VU#683700	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#554252	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#540348	date:	2006-09-13T00:00:00
db:	VULHUB	id:	VHN-20490	date:	2018-10-17T00:00:00
db:	BID	id:	19976	date:	2008-03-04T23:32:00
db:	JVNDB	id:	JVNDB-2006-000934	date:	2009-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200609-157	date:	2006-09-15T00:00:00
db:	NVD	id:	CVE-2006-4382	date:	2018-10-17T21:36:49.807

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#308204	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#200316	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#683700	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#554252	date:	2006-09-13T00:00:00
db:	CERT/CC	id:	VU#540348	date:	2006-09-13T00:00:00
db:	VULHUB	id:	VHN-20490	date:	2006-09-12T00:00:00
db:	BID	id:	19976	date:	2006-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2006-000934	date:	2009-04-03T00:00:00
db:	PACKETSTORM	id:	50015	date:	2006-09-14T07:22:52
db:	PACKETSTORM	id:	64267	date:	2008-03-04T22:49:07
db:	CNNVD	id:	CNNVD-200609-157	date:	2006-09-12T00:00:00
db:	NVD	id:	CVE-2006-4382	date:	2006-09-12T23:07:00