Lucene search

K
saintSAINT CorporationSAINT:94F5493393E2AE699B94C745234ABCCC
HistoryJul 16, 2012 - 12:00 a.m.

Apple QuickTime QTVRStringAtom stringLength Parameter QTVR Movie File Handling

2012-07-1600:00:00
SAINT Corporation
my.saintcorporation.com
17

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.214 Low

EPSS

Percentile

96.5%

Added: 07/16/2012
CVE: CVE-2012-0667
BID: 53583
OSVDB: 81938

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime 7.7.1 and earlier versions are vulnerable to remote code execution if the user is persuaded to open a specially crafted QTVR movie file. The specific flaw exists within the QuickTimeVR.qtx component which fails to properly check the stringLength parameter when processing a QTVRStringAtom, resulting in an integer signedness buffer overflow. Successful exploitation could result in a remote attacker running arbitrary code in the context of the affected user.

Resolution

Upgrade to QuickTime 7.7.2 or higher.

References

<http://support.apple.com/kb/HT5261&gt;
<http://www.zerodayinitiative.com/advisories/ZDI-12-077/&gt;

Limitations

This exploit was tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn).

The user must open the HTML exploit file in Internet Explorer 8.

Platforms

Windows

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.214 Low

EPSS

Percentile

96.5%