ID

VAR-201407-0176


CVE

CVE-2014-4979


TITLE

Apple QuickTime vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-003577

DESCRIPTION

Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the 'mvhd' atom. By exploiting this, an attacker could execute code in the context of the current user.

Apple QuickTime is prone to a heap-memory-corruption vulnerability. The software is capable of handling multiple sources such as digital video, media segments, and more.

APPLE-SA-2014-10-22-1 QuickTime 7.7.6

QuickTime 7.7.6 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted m4a file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of audio samples. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4351 : Karl Smith of NCC Group

QuickTime 7.7.6 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.7

sources: NVD: CVE-2014-4979 // JVNDB: JVNDB-2014-003577 // ZDI: ZDI-14-264 // BID: 68852 // VULHUB: VHN-72920 // PACKETSTORM: 128840

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: -, version: -

Trust: 2.1

vendor: apple, model: quicktime, scope: eq, version: *

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.7.5

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.8.5

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.9 to 10.9.4

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: 10.7.5

Trust: 0.8

vendor: apple, model: quicktime player, scope: eq, version: 7.7.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.7.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.8

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.7

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.6(1671)

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.6

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.5.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.4.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.4.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.3.1.70

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.3.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.6

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.3

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.3

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.0

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.5.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.5.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 5.0.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.7

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.64.17.73

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6.9

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.6

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.5

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.3

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.2

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 7.1

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6.4

Trust: 0.3

vendor: apple, model: quicktime player, scope: eq, version: 6

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7.6

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7.3.4

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7.2

Trust: 0.3

vendor: apple, model: quicktime, scope: eq, version: 7

Trust: 0.3

sources: ZDI: ZDI-14-264 // BID: 68852 // JVNDB: JVNDB-2014-003577 // CNNVD: CNNVD-201407-632 // NVD: CVE-2014-4979

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4979
value: HIGH

Trust: 1.0

NVD: CVE-2014-4979
value: HIGH

Trust: 0.8

ZDI: CVE-2014-4979
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201407-632
value: CRITICAL

Trust: 0.6

VULHUB: VHN-72920
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-4979
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2014-4979
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-72920
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-14-264 // VULHUB: VHN-72920 // JVNDB: JVNDB-2014-003577 // CNNVD: CNNVD-201407-632 // NVD: CVE-2014-4979

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-72920 // JVNDB: JVNDB-2014-003577 // NVD: CVE-2014-4979

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-632

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201407-632

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003577

PATCH

title: QuickTime, url: https://www.apple.com/jp/quicktime/

Trust: 0.8

title: HT6443, url: http://support.apple.com/kb/HT6443

Trust: 0.8

title: HT6443, url: http://support.apple.com/kb/HT6443?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2014-003577

EXTERNAL IDS

db: NVD, id: CVE-2014-4979

Trust: 3.6

db: ZDI, id: ZDI-14-264

Trust: 3.2

db: BID, id: 68852

Trust: 1.4

db: SECTRACK, id: 1030638

Trust: 1.1

db: JVN, id: JVNVU93868849

Trust: 0.8

db: JVNDB, id: JVNDB-2014-003577

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-2082

Trust: 0.7

db: CNNVD, id: CNNVD-201407-632

Trust: 0.7

db: VULHUB, id: VHN-72920

Trust: 0.1

db: PACKETSTORM, id: 128840

Trust: 0.1

sources: ZDI: ZDI-14-264 // VULHUB: VHN-72920 // BID: 68852 // JVNDB: JVNDB-2014-003577 // PACKETSTORM: 128840 // CNNVD: CNNVD-201407-632 // NVD: CVE-2014-4979

REFERENCES

url:http://zerodayinitiative.com/advisories/zdi-14-264/

Trust: 2.5

url:http://www.securityfocus.com/bid/68852

Trust: 1.1

url:http://support.apple.com/kb/ht6443

Trust: 1.1

url:https://support.apple.com/kb/ht6493

Trust: 1.1

url:http://www.securitytracker.com/id/1030638

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4979

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93868849/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4979

Trust: 0.8

url:http://www.apple.com/quicktime/

Trust: 0.3

url:http://www.apple.com/quicktime/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4350

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4979

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1391

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

sources: VULHUB: VHN-72920 // BID: 68852 // JVNDB: JVNDB-2014-003577 // PACKETSTORM: 128840 // CNNVD: CNNVD-201407-632 // NVD: CVE-2014-4979

CREDITS

Andrea Micalizzi aka rgod

Trust: 1.0

sources: ZDI: ZDI-14-264 // BID: 68852

SOURCES

db: ZDI, id: ZDI-14-264
db: VULHUB, id: VHN-72920
db: BID, id: 68852
db: JVNDB, id: JVNDB-2014-003577
db: PACKETSTORM, id: 128840
db: CNNVD, id: CNNVD-201407-632
db: NVD, id: CVE-2014-4979

LAST UPDATE DATE

2024-11-23T19:59:20.359000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-14-264, date: 2014-07-23T00:00:00
db: VULHUB, id: VHN-72920, date: 2017-01-07T00:00:00
db: BID, id: 68852, date: 2014-10-29T00:58:00
db: JVNDB, id: JVNDB-2014-003577, date: 2014-09-22T00:00:00
db: CNNVD, id: CNNVD-201407-632, date: 2014-07-29T00:00:00
db: NVD, id: CVE-2014-4979, date: 2024-11-21T02:11:12.817

SOURCES RELEASE DATE

db: ZDI, id: ZDI-14-264, date: 2014-07-23T00:00:00
db: VULHUB, id: VHN-72920, date: 2014-07-26T00:00:00
db: BID, id: 68852, date: 2014-07-23T00:00:00
db: JVNDB, id: JVNDB-2014-003577, date: 2014-07-29T00:00:00
db: PACKETSTORM, id: 128840, date: 2014-10-24T20:29:35
db: CNNVD, id: CNNVD-201407-632, date: 2014-07-29T00:00:00
db: NVD, id: CVE-2014-4979, date: 2014-07-26T11:11:57.660