Apple QuickTime BMP Image Decoding Overflow

2004-10-04T00:00:00
ID OSVDB:10501
Type osvdb
Reporter Michael Rondinelli
Modified 2004-10-04T00:00:00

Description

Vulnerability Description

A remote overflow exists in QuickTime. QuickTime fails to perform proper bounds checking when processing BMP image files, resulting in a heap overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple Computer, Inc. has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1011531
Secunia Advisory ID: 12690
ISS X-Force ID: 17596
CVE-2004-0926