Sign-up

ID

VAR-200809-0197


CVE

CVE-2008-3624


TITLE

Apple QuickTime In QTVR Heap-based buffer overflow vulnerability in movie file handling

Trust: 0.8

sources: JVNDB: JVNDB-2008-001682

DESCRIPTION

Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition. Versions prior to QuickTime 7.5.5 are affected. NOTE: Two issues that were previously covered in this BID were given their own records to better document the details: - CVE-2008-3626 was moved to BID 31546 ('Apple QuickTime 'STSZ' Atoms Memory Corruption Vulnerability') - CVE-2008-3629 was moved to BID 31548 ('Apple QuickTime PICT Denial of Service Vulnerability'). Apple QuickTime is a very popular multimedia player. ---------------------------------------------------------------------- We have updated our website, enjoy! http://secunia.com/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31821 VERIFY ADVISORY: http://secunia.com/advisories/31821/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/advisories/product/5090/ DESCRIPTION: Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system. 1) An error in the third-party Indeo5 codec for QuickTime can be exploited to access uninitialised memory via a specially crafted movie file. 6) An error in the CallComponentFunctionWithStorage() function when parsing STSZ atoms in movie files can be exploited to corrupt memory via a movie file containing a overly large entry in sample_size_table. 7) Multiple errors when parsing H.264 encoded movie files (e.g. an integer overflow when parsing AVC1 atoms and two errors when parsing MDAT atoms) can be exploited to corrupt memory via a specially crafted file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Update to version 7.5.5. QuickTime 7.5.5 for Windows: http://www.apple.com/support/downloads/quicktime755forwindows.html QuickTime 7.5.5 for Leopard: http://www.apple.com/support/downloads/quicktime755forleopard.html QuickTime 7.5.5 for Tiger: http://www.apple.com/support/downloads/quicktime755fortiger.html PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Paul Byrne, NGSSoftware. 2) Reported by an anonymous person via ZDI. 3) The vendor credits Roee Hay, IBM Rational Application Security Research Group. 4) Reported by an anonymous person via ZDI. 5) Reported by an anonymous person via iDefense VCP. 6) Reported by an anonymous person via ZDI. 7) Reported by an anonymous person and Subreption via ZDI. 8) The vendor credits David Wharton. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3027 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-08-057/ http://www.zerodayinitiative.com/advisories/ZDI-08-058/ http://www.zerodayinitiative.com/advisories/ZDI-08-059/ http://www.zerodayinitiative.com/advisories/ZDI-08-060/ http://www.zerodayinitiative.com/advisories/ZDI-08-061/ http://www.zerodayinitiative.com/advisories/ZDI-08-062/ iDefense VCP: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-3624 // JVNDB: JVNDB-2008-001682 // BID: 31086 // VULHUB: VHN-33749 // PACKETSTORM: 69849

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:eqversion:7.3.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.3.1.70

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.6

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.4

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.4.5

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.5

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.1.3

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.4.1

Trust: 1.6

vendor:applemodel:quicktimescope:lteversion:7.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.4

Trust: 1.0

vendor:applemodel:quicktimescope:ltversion:7.5.5

Trust: 0.8

vendor:applemodel:quicktimescope:eqversion:7.5

Trust: 0.6

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1.70

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:quicktime playerscope:neversion:7.5.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 31086 // JVNDB: JVNDB-2008-001682 // CNNVD: CNNVD-200809-119 // NVD: CVE-2008-3624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3624
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-3624
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200809-119
value: MEDIUM

Trust: 0.6

VULHUB: VHN-33749
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-3624
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33749
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-33749 // JVNDB: JVNDB-2008-001682 // CNNVD: CNNVD-200809-119 // NVD: CVE-2008-3624

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-33749 // JVNDB: JVNDB-2008-001682 // NVD: CVE-2008-3624

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-119

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200809-119

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001682

PATCH
title:QuickTime 7.5.5url:http://support.apple.com/kb/HT3027
Trust: 0.8
title:QuickTime 7.5.5url:http://support.apple.com/kb/HT3027?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001682

EXTERNAL IDS
db:NVDid:CVE-2008-3624
Trust: 2.8
db:BIDid:31086
Trust: 2.8
db:SECUNIAid:31821
Trust: 2.7
db:SECTRACKid:1020841
Trust: 2.5
db:VUPENid:ADV-2008-2527
Trust: 1.7
db:JVNDBid:JVNDB-2008-001682
Trust: 0.8
db:APPLEid:APPLE-SA-2008-09-09
Trust: 0.6
db:CNNVDid:CNNVD-200809-119
Trust: 0.6
db:ZDIid:ZDI-08-062
Trust: 0.4
db:ZDIid:ZDI-08-060
Trust: 0.4
db:ZDIid:ZDI-08-057
Trust: 0.4
db:ZDIid:ZDI-08-058
Trust: 0.4
db:ZDIid:ZDI-08-061
Trust: 0.4
db:VULHUBid:VHN-33749
Trust: 0.1
db:ZDIid:ZDI-08-059
Trust: 0.1
db:PACKETSTORMid:69849
Trust: 0.1
sources:
            
            
            VULHUB: VHN-33749 // 
            
            
            
            BID: 31086 // 
            
            
            
            JVNDB: JVNDB-2008-001682 // 
            
            
            
            PACKETSTORM: 69849 // 
            
            
            
            CNNVD: CNNVD-200809-119 // 
            
            
            
            NVD: CVE-2008-3624

REFERENCES
url:http://www.securityfocus.com/bid/31086
Trust: 2.5
url:http://securitytracker.com/id?1020841
Trust: 2.5
url:http://secunia.com/advisories/31821
Trust: 2.5
url:http://support.apple.com/kb/ht3027
Trust: 1.8
url:http://lists.apple.com/archives/security-announce//2008/sep/msg00000.html
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16124
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/2527
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3624
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3624
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2008/2527
Trust: 0.6
url:http://www.zerodayinitiative.com/advisories/zdi-08-060/
Trust: 0.4
url:http://www.zerodayinitiative.com/advisories/zdi-08-057/
Trust: 0.4
url:http://www.zerodayinitiative.com/advisories/zdi-08-062/
Trust: 0.4
url:http://www.zerodayinitiative.com/advisories/zdi-08-058/
Trust: 0.4
url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
Trust: 0.4
url:http://www.zerodayinitiative.com/advisories/zdi-08-061/
Trust: 0.4
url:http://www.apple.com/quicktime/
Trust: 0.3
url:http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/
Trust: 0.3
url:http://blog.watchfire.com/wfblog/2008/09/quicktime-patch.html
Trust: 0.3
url:/archive/1/496358
Trust: 0.3
url:/archive/1/496180
Trust: 0.3
url:/archive/1/496161
Trust: 0.3
url:/archive/1/496163
Trust: 0.3
url:/archive/1/496175
Trust: 0.3
url:/archive/1/496176
Trust: 0.3
url:http://secunia.com/advisories/product/5090/
Trust: 0.1
url:http://www.apple.com/support/downloads/quicktime755fortiger.html
Trust: 0.1
url:http://www.apple.com/support/downloads/quicktime755forwindows.html
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-08-059/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/31821/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://www.apple.com/support/downloads/quicktime755forleopard.html
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-33749 // 
            
            
            
            BID: 31086 // 
            
            
            
            JVNDB: JVNDB-2008-001682 // 
            
            
            
            PACKETSTORM: 69849 // 
            
            
            
            CNNVD: CNNVD-200809-119 // 
            
            
            
            NVD: CVE-2008-3624

CREDITS
Sergio AlvarezDavid WhartonRoee HayZDI※http://www.zerodayinitiative.com/
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200809-119

SOURCES
db:VULHUBid:VHN-33749
db:BIDid:31086
db:JVNDBid:JVNDB-2008-001682
db:PACKETSTORMid:69849
db:CNNVDid:CNNVD-200809-119
db:NVDid:CVE-2008-3624

LAST UPDATE DATE
2024-11-23T21:24:35.638000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-33749date:2018-10-30T00:00:00
db:BIDid:31086date:2008-10-03T16:28:00
db:JVNDBid:JVNDB-2008-001682date:2008-09-29T00:00:00
db:CNNVDid:CNNVD-200809-119date:2008-11-15T00:00:00
db:NVDid:CVE-2008-3624date:2024-11-21T00:49:43.043

SOURCES RELEASE DATE
db:VULHUBid:VHN-33749date:2008-09-11T00:00:00
db:BIDid:31086date:2008-09-09T00:00:00
db:JVNDBid:JVNDB-2008-001682date:2008-09-29T00:00:00
db:PACKETSTORMid:69849date:2008-09-11T04:44:10
db:CNNVDid:CNNVD-200809-119date:2008-09-11T00:00:00
db:NVDid:CVE-2008-3624date:2008-09-11T01:13:09.757