ID

VAR-200901-0246


CVE

CVE-2009-0001


TITLE

Apple QuickTime Heap overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-001604

DESCRIPTION

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. Apple QuickTime is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Apple QuickTime 7.6 are vulnerable. Apple QuickTime is a multimedia framework of Apple (Apple), which can process digital video, pictures, sound and panoramic images in various formats. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-022A Apple QuickTime Updates for Multiple Vulnerabilities Original release date: January 22, 2009 Last revised: -- Source: US-CERT Systems Affected * Apple QuickTime 7.5 for Windows and Mac OS X Overview Apple has released QuickTime 7.6 to correct multiple vulnerabilities affecting QuickTime for Mac OS X and Windows. I. This file could be hosted on a web page or sent via email. II. Impact The impacts of these vulnerabilities vary. III. This and other updates are available via Software Update or via Apple Downloads. IV. References * About the security content of QuickTime 7.6 - <http://support.apple.com/kb/HT3403> * Apple Support Downloads - <http://support.apple.com/downloads/> * Mac OS X - updating your software - <http://support.apple.com/kb/HT1338?viewlocale=en_US> * Securing Your Web Browser - <https://www.us-cert.gov/reading_room/securing_browser/> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA09-022A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA09-022A Feedback VU#703068" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 22, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSXj25HIHljM+H4irAQKNIgf+LSBKBzHWdjxmJgYw3vYmAXtwpUxAVThs Ma4vIB1vSjv8Us83S2XrKIGcKrdPgQgeS7Vji9WRMmlzEv/AYlFJseqq17ufGely 5YosATUh+C0SjY6OAYeJNYMws7fgGcGJagtfQp0gJTRLruknEoB/iqlASBQ7MtNg 7viHKIR8r2BxCNB1A4ir1kzPELIHFF/pmmuaD+E2PnxH1XtYLM9b9t6xbkjie2PG vEwv7JCGH/RrJtst480ZMIHOghsZ0ONoMkTjZB7o5S0ww3guktGOMB+/QiZI8eFB KbU6nB6JGscZ8Fb1E4K3yOU9MvpzEfurIvYmyMcAdxFCiq5CSUjOug== =B5D3 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA33632 VERIFY ADVISORY: http://secunia.com/advisories/33632/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/advisories/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error exists in the processing of RTSP URLs. 2) An error due to improper validation of transform matrix data exists when processing Track Header (THKD) atoms in QuickTime Virtual Reality (QTVR) movie files. This can be exploited to cause a heap-based buffer overflow via a specially crafted QTVR file. 3) An error in the processing of "nBlockAlign" values in the "_WAVEFORMATEX" structure of AVI headers can be exploited to cause a heap-based buffer overflow when a specially crafted AVI file is accessed. 4) A boundary error exists in the processing of MPEG-2 video files containing MP3 audio content, which can be exploited to cause a buffer overflow via a specially crafted movie file. 5) An unspecified error exists in the processing of H.263 encoded movie files, which can be exploited to cause a memory corruption when a specially crafted movie file is viewed. 6) A signedness error exists within the processing of the MDAT atom when handling Cinepak encoded movie files. This can be exploited to cause a heap-based buffer overflow when a specially crafted movie file is viewed. 7) An error exists within the function JPEG_DComponentDispatch() when processing the image width data in JPEG atoms embedded in STSD atoms. This can be exploited to cause a memory corruption when a specially crafted movie file is viewed. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. SOLUTION: Update to version 7.6. QuickTime 7.6 for Windows: http://support.apple.com/downloads/QuickTime_7_6_for_Windows QuickTime 7.6 for Leopard: http://support.apple.com/downloads/QuickTime_7_6_for_Leopard QuickTime 7.6 for Tiger: http://support.apple.com/downloads/QuickTime_7_6_for_Tiger PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Attila Suszter 4) Chad Dougherty, CERT Coordination Center 5) Dave Soldera, NGS Software 2, 3, 6, 7) An anonymous person, reported via ZDI ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3403 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-005/ http://www.zerodayinitiative.com/advisories/ZDI-09-006/ http://www.zerodayinitiative.com/advisories/ZDI-09-007/ http://www.zerodayinitiative.com/advisories/ZDI-09-008/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2009-0001 // JVNDB: JVNDB-2009-001604 // BID: 33385 // VULHUB: VHN-37447 // PACKETSTORM: 74263 // PACKETSTORM: 74228

AFFECTED PRODUCTS

vendor:applemodel:quicktimescope:eqversion:6.5.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:4.1.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:5.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.5

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:6.0

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:5.0.1

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:5.0.2

Trust: 1.6

vendor:applemodel:quicktimescope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.6

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.2

Trust: 1.0

vendor:applemodel:quicktimescope:lteversion:7.5.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.3

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:3.0

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.4.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3.1.70

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.3.1

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:6.5.2

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion: -

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.5

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.0.4

Trust: 1.0

vendor:applemodel:quicktimescope:eqversion:7.1.4

Trust: 1.0

vendor:applemodel:quicktimescope:ltversion:7.6

Trust: 0.8

vendor:applemodel:quicktimescope:eqversion:3

Trust: 0.6

vendor:applemodel:quicktime playerscope:neversion:7.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1.70

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.5.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.5.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.4.5

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:6

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:quicktime playerscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 33385 // JVNDB: JVNDB-2009-001604 // CNNVD: CNNVD-200901-258 // NVD: CVE-2009-0001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0001
value: HIGH

Trust: 1.0

NVD: CVE-2009-0001
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200901-258
value: MEDIUM

Trust: 0.6

VULHUB: VHN-37447
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0001
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37447
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37447 // JVNDB: JVNDB-2009-001604 // CNNVD: CNNVD-200901-258 // NVD: CVE-2009-0001

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-37447 // JVNDB: JVNDB-2009-001604 // NVD: CVE-2009-0001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200901-258

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200901-258

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001604

PATCH

title:HT3403url:http://support.apple.com/kb/HT3403

Trust: 0.8

sources: JVNDB: JVNDB-2009-001604

EXTERNAL IDS

db:NVDid:CVE-2009-0001

Trust: 2.8

db:USCERTid:TA09-022A

Trust: 2.0

db:BIDid:33385

Trust: 1.4

db:SECUNIAid:33632

Trust: 1.3

db:VUPENid:ADV-2009-0212

Trust: 1.1

db:USCERTid:SA09-022A

Trust: 0.8

db:JVNDBid:JVNDB-2009-001604

Trust: 0.8

db:CNNVDid:CNNVD-200901-258

Trust: 0.7

db:CS-HELPid:SB2022072128

Trust: 0.6

db:AUSCERTid:ESB-2020.1427

Trust: 0.6

db:VULHUBid:VHN-37447

Trust: 0.1

db:PACKETSTORMid:74263

Trust: 0.1

db:ZDIid:ZDI-09-008

Trust: 0.1

db:ZDIid:ZDI-09-005

Trust: 0.1

db:ZDIid:ZDI-09-006

Trust: 0.1

db:ZDIid:ZDI-09-007

Trust: 0.1

db:PACKETSTORMid:74228

Trust: 0.1

sources: VULHUB: VHN-37447 // BID: 33385 // JVNDB: JVNDB-2009-001604 // PACKETSTORM: 74263 // PACKETSTORM: 74228 // CNNVD: CNNVD-200901-258 // NVD: CVE-2009-0001

REFERENCES

url:http://www.us-cert.gov/cas/techalerts/ta09-022a.html

Trust: 1.9

url:http://support.apple.com/kb/ht3403

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2009/jan/msg00000.html

Trust: 1.1

url:http://www.securityfocus.com/bid/33385

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6135

Trust: 1.1

url:http://secunia.com/advisories/33632

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/0212

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/48154

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0001

Trust: 0.8

url:http://jvn.jp/cert/jvnta09-022a/

Trust: 0.8

url:http://jvn.jp/tr/jvntr-2009-04/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0001

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa09-022a.html

Trust: 0.8

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1427/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072128

Trust: 0.6

url:http://www.apple.com/quicktime/

Trust: 0.3

url:https://www.us-cert.gov/reading_room/securing_browser/>

Trust: 0.1

url:http://support.apple.com/kb/ht1338?viewlocale=en_us>

Trust: 0.1

url:http://support.apple.com/kb/ht3403>

Trust: 0.1

url:http://support.apple.com/downloads/>

Trust: 0.1

url:http://www.us-cert.gov/cas/signup.html>.

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta09-022a.html>

Trust: 0.1

url:http://secunia.com/advisories/product/5090/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-09-005/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-09-008/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-09-007/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://support.apple.com/downloads/quicktime_7_6_for_leopard

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-09-006/

Trust: 0.1

url:http://support.apple.com/downloads/quicktime_7_6_for_windows

Trust: 0.1

url:http://support.apple.com/downloads/quicktime_7_6_for_tiger

Trust: 0.1

url:http://secunia.com/advisories/33632/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-37447 // BID: 33385 // JVNDB: JVNDB-2009-001604 // PACKETSTORM: 74263 // PACKETSTORM: 74228 // CNNVD: CNNVD-200901-258 // NVD: CVE-2009-0001

CREDITS

Attila SuszterChad DoughertyDave Soldera

Trust: 0.6

sources: CNNVD: CNNVD-200901-258

SOURCES

db:VULHUBid:VHN-37447
db:BIDid:33385
db:JVNDBid:JVNDB-2009-001604
db:PACKETSTORMid:74263
db:PACKETSTORMid:74228
db:CNNVDid:CNNVD-200901-258
db:NVDid:CVE-2009-0001

LAST UPDATE DATE

2024-11-23T19:55:13.055000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-37447date:2018-10-30T00:00:00
db:BIDid:33385date:2009-01-22T16:32:00
db:JVNDBid:JVNDB-2009-001604date:2009-07-08T00:00:00
db:CNNVDid:CNNVD-200901-258date:2022-07-22T00:00:00
db:NVDid:CVE-2009-0001date:2024-11-21T00:58:49.360

SOURCES RELEASE DATE

db:VULHUBid:VHN-37447date:2009-01-21T00:00:00
db:BIDid:33385date:2009-01-21T00:00:00
db:JVNDBid:JVNDB-2009-001604date:2009-07-08T00:00:00
db:PACKETSTORMid:74263date:2009-01-23T04:59:56
db:PACKETSTORMid:74228date:2009-01-22T13:46:43
db:CNNVDid:CNNVD-200901-258date:2009-01-21T00:00:00
db:NVDid:CVE-2009-0001date:2009-01-21T20:30:00.250