Apple QuickTime BMP Processing ReadBMP() Function Overflow

2006-04-19T10:17:36
ID OSVDB:24820
Type osvdb
Reporter Tom Ferris (tommy@security-protocols.com)
Modified 2006-04-19T10:17:36

Description

Vulnerability Description

A remote overflow exists in the Mac OS X default handler for files with a '.bmp' extension. The 'ReadBMP' function fails to properly validate input, resulting in a heap overflow. With a specially crafted file, an attacker can cause the application to crash and potentially execute arbitrary code on the victim's system, resulting in a loss of integrity.

Solution Description

Upgrade to QuickTime version 7.1 or higher, as it has been reported to fix this vulnerability. A separate upgrade may be required to address other components of the operating system.

References:

Vendor URL: http://www.apple.com/macosx/
Vendor Specific Advisory URL
Secunia Advisory ID: 19686
Secunia Advisory ID: 20069
Related OSVDB ID: 24819, 25510, 25511, 24821, 24823, 25508, 25512, 25516, 25517, 24822, 25513, 25509, 25514, 25515
Other Advisory URL: http://www.security-protocols.com/sp-x27-advisory.php
CVE-2006-2238