Apple QuickTime VR Extension QTVR Movie Handling Overflow

2007-11-05T20:18:22
ID OSVDB:38545
Type osvdb
Reporter Mario Ballano Bárcena(mballano@gmail.com)
Modified 2007-11-05T20:18:22

Description

Vulnerability Description

A remote overflow exists in Apple QuickTime Player. The media player fails to check bounds on panorama sample atoms in QuickTime Virtual Reality movies resulting in a heap-based overflow. With a specially crafted movie file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 7.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Apple QuickTime Player. The media player fails to check bounds on panorama sample atoms in QuickTime Virtual Reality movies resulting in a heap-based overflow. With a specially crafted movie file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL US-CERT Cyber Security Alert: TA07-310A Security Tracker: 1018894 Secunia Advisory ID:27523 Related OSVDB ID: 38550 Related OSVDB ID: 38544 Related OSVDB ID: 38546 Related OSVDB ID: 38548 Related OSVDB ID: 38549 Related OSVDB ID: 38547 Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620 Other Advisory URL: http://www.48bits.com/advisories/qt_pdat_heapbof.pdf Other Advisory URL: http://blog.48bits.com/?p=176 Mail List Post: http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html ISS X-Force ID: 38282 FrSIRT Advisory: ADV-2007-3723 CVE-2007-4675 Bugtraq ID: 26342