Apple QuickTime stsd Atom Parsing Remote Code Execution Vulnerability
2013-06-11T00:00:00
ID ZDI-13-116 Type zdi Reporter Mil3s beep Modified 2013-11-09T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the stsd atom. A malformed stsd atom can be used to cause heap corruption. An attacker can leverage this vulnerability to execute code under the context of the current process.
{"hash": "5c36f5799da7038b67969637b2fb202bd2578cc751118af7606314ea731359ec", "edition": 2, "title": "Apple QuickTime stsd Atom Parsing Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the stsd atom. A malformed stsd atom can be used to cause heap corruption. An attacker can leverage this vulnerability to execute code under the context of the current process.", "viewCount": 1, "objectVersion": "1.2", "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "f6a3d8823a905357ca06c65a89648798", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9327a64fec47b73abf60b44446d1ff58", "key": "description"}, {"hash": "1f77e72bfa94faf463a44a3e6e21f229", "key": "href"}, {"hash": "b7fd0bad9a3db89554b13b658b53fddb", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "c5c974c1c6d58380923d9db6f4a0e987", "key": "published"}, {"hash": "998c3dbdcd3412c97d84c0dc2d92fab2", "key": "references"}, {"hash": "f2e5cf5f53afa51fbc2ba94c93a137c5", "key": "reporter"}, {"hash": "8a518ea55820fa171d1a120ca40f3ded", "key": "title"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}], "cvelist": ["CVE-2013-1021"], "bulletinFamily": "info", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-116", "history": [{"bulletin": {"hash": "9ea6b16442edc482c7be5e3821db4b3a59cba2d0c8cba5b9fad96de9529e5368", "id": "ZDI-13-116", "title": "Apple QuickTime stsd Atom Parsing Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the stsd atom. A malformed stsd atom can be used to cause heap corruption. An attacker can leverage this vulnerability to execute code under the context of the current process.", "viewCount": 0, "objectVersion": "1.2", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "f6a3d8823a905357ca06c65a89648798", "key": "cvelist"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}, {"hash": "de25676891f23b04ab869e6e7840e9a3", "key": "modified"}, {"hash": "998c3dbdcd3412c97d84c0dc2d92fab2", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "1f77e72bfa94faf463a44a3e6e21f229", "key": "href"}, {"hash": "8a518ea55820fa171d1a120ca40f3ded", "key": "title"}, {"hash": "c5c974c1c6d58380923d9db6f4a0e987", "key": "published"}, {"hash": "9327a64fec47b73abf60b44446d1ff58", "key": "description"}, {"hash": "f2e5cf5f53afa51fbc2ba94c93a137c5", "key": "reporter"}], "cvelist": ["CVE-2013-1021"], "bulletinFamily": "info", "published": "2013-06-11T00:00:00", "references": ["http://support.apple.com/kb/HT1222"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 1, "reporter": "Mil3s beep", "lastseen": "2016-09-04T11:34:08", "history": [], "modified": "2013-09-04T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-116", "type": "zdi"}, "lastseen": "2016-09-04T11:34:08", "edition": 1, "differentElements": ["modified"]}], "id": "ZDI-13-116", "reporter": "Mil3s beep", "published": "2013-06-11T00:00:00", "references": ["http://support.apple.com/kb/HT1222"], "lastseen": "2016-11-09T00:17:59", "modified": "2013-11-09T00:00:00", "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2016-11-09T00:17:59"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1021"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29425", "SECURITYVULNS:VULN:13091"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310803809", "OPENVAS:803809"]}, {"type": "kaspersky", "idList": ["KLA10017"]}, {"type": "nessus", "idList": ["QUICKTIME_774.NASL"]}], "modified": "2016-11-09T00:17:59"}, "vulnersScore": 8.1}, "type": "zdi"}
{"cve": [{"lastseen": "2019-05-29T18:13:01", "bulletinFamily": "NVD", "description": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.", "modified": "2017-09-19T01:35:00", "id": "CVE-2013-1021", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1021", "published": "2013-05-24T16:43:00", "title": "CVE-2013-1021", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-03-03T20:58:33", "bulletinFamily": "scanner", "description": "This host is installed with QuickTime Player and is prone\n to multiple vulnerabilities.", "modified": "2020-02-28T00:00:00", "published": "2013-06-07T00:00:00", "id": "OPENVAS:1361412562310803809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803809", "title": "Apple QuickTime Multiple Vulnerabilities - June13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple QuickTime Multiple Vulnerabilities - June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:quicktime\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803809\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2013-1022\", \"CVE-2013-1021\", \"CVE-2013-1020\", \"CVE-2013-1019\",\n \"CVE-2013-1018\", \"CVE-2013-1017\", \"CVE-2013-1016\", \"CVE-2013-1015\",\n \"CVE-2013-0989\", \"CVE-2013-0988\", \"CVE-2013-0987\", \"CVE-2013-0986\");\n script_bugtraq_id(60104, 60103, 60108, 60102, 60098, 60097,\n 60092, 60110, 60101, 60100, 60109, 60099);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-06-07 18:15:48 +0530 (Fri, 07 Jun 2013)\");\n script_name(\"Apple QuickTime Multiple Vulnerabilities - June13 (Windows)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5770\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/53520\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2013/May/msg00001.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_mandatory_keys(\"QuickTime/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code,\n memory corruption or buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"QuickTime Player version prior to 7.7.4 on Windows.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws due to boundary errors when handling:\n\n - FPX files\n\n - 'enof' and 'mvhd' atoms\n\n - H.263 and H.264 encoded movie files\n\n - A certain value in a dref atom within a MOV file\n\n - A channel_mode value of MP3 files within the CoreAudioToolbox component\n\n - Unspecified error when handling TeXML files, JPEG encoded data, QTIF files\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 7.7.4 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with QuickTime Player and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"7.7.4\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"7.7.4\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:20", "bulletinFamily": "scanner", "description": "This host is installed with QuickTime Player and is prone\n to multiple vulnerabilities.", "modified": "2017-05-05T00:00:00", "published": "2013-06-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=803809", "id": "OPENVAS:803809", "title": "Apple QuickTime Multiple Vulnerabilities - June13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_quicktime_mult_vuln_jun13_win.nasl 6074 2017-05-05 09:03:14Z teissa $\n#\n# Apple QuickTime Multiple Vulnerabilities - June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code,\n memory corruption or buffer overflow.\n Impact Level: System/Application\";\n\ntag_affected = \"QuickTime Player version prior to 7.7.4 on Windows\";\ntag_insight = \"Multiple flaws due to,\n Boundary error when handling\n - FPX files\n - 'enof' and 'mvhd' atoms\n - H.263 and H.264 encoded movie files\n - A certain value in a dref atom within a MOV file\n - A channel_mode value of MP3 files within the CoreAudioToolbox component\n Unspecified error when handling TeXML files, JPEG encoded data, QTIF files\";\ntag_solution = \"Upgrade to version 7.7.4 or later,\n For updates refer to http://support.apple.com/downloads\";\ntag_summary = \"This host is installed with QuickTime Player and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(803809);\n script_version(\"$Revision: 6074 $\");\n script_cve_id(\"CVE-2013-1022\", \"CVE-2013-1021\", \"CVE-2013-1020\", \"CVE-2013-1019\",\n \"CVE-2013-1018\", \"CVE-2013-1017\", \"CVE-2013-1016\", \"CVE-2013-1015\",\n \"CVE-2013-0989\", \"CVE-2013-0988\", \"CVE-2013-0987\", \"CVE-2013-0986\");\n script_bugtraq_id(60104, 60103, 60108, 60102, 60098, 60097,\n 60092, 60110, 60101, 60100, 60109, 60099);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-05 11:03:14 +0200 (Fri, 05 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-07 18:15:48 +0530 (Fri, 07 Jun 2013)\");\n script_name(\"Apple QuickTime Multiple Vulnerabilities - June13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5770\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/53520\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2013/May/msg00001.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_quicktime_detection_win_900124.nasl\");\n script_mandatory_keys(\"QuickTime/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nquickVer = \"\";\n\n## Get the version from KB\nquickVer = get_kb_item(\"QuickTime/Win/Ver\");\nif(!quickVer){\n exit(0);\n}\n\n## Check for QuickTime Player Version less than 7.7.4\nif(version_is_less(version:quickVer, test_version:\"7.7.4\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:21", "bulletinFamily": "info", "description": "### *Detect date*:\n05/22/2013\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.\n\n### *Affected products*:\nApple QuickTime versions 7.7.3 and earlier\n\n### *Solution*:\nUpdate to latest version \n[QuickTime](<http://www.apple.com/quicktime/download/>)\n\n### *Original advisories*:\n[Apple entry](<http://support.apple.com/kb/HT5770>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple QuickTime](<https://threats.kaspersky.com/en/product/Apple-QuickTime/>)\n\n### *CVE-IDS*:\n[CVE-2013-0987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987>)9.3Critical \n[CVE-2013-0989](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989>)9.3Critical \n[CVE-2013-1021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1021>)9.3Critical \n[CVE-2013-0986](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986>)9.3Critical \n[CVE-2013-1018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1018>)9.3Critical \n[CVE-2013-1019](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019>)9.3Critical \n[CVE-2013-1017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1017>)9.3Critical \n[CVE-2013-1015](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1015>)9.3Critical \n[CVE-2013-0988](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988>)9.3Critical \n[CVE-2013-1016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1016>)9.3Critical \n[CVE-2013-1020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1020>)9.3Critical \n[CVE-2013-1022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1022>)9.3Critical", "modified": "2019-03-07T00:00:00", "published": "2013-05-22T00:00:00", "id": "KLA10017", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10017", "title": "\r KLA10017Multiple vulnerabilities in Apple QuickTime ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-05-22-1 QuickTime 7.7.4\r\n\r\nQuickTime 7.7.4 is now available and addresses the following:\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Opening a maliciously crafted TeXML file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nTeXML files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1015 : Aniway.Anyway@gmail.com working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of H.263\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1016 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'dref'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-1017 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of H.264\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted MP3 file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of MP3 files.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of Sorenson\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nJPEG encoded data. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1020 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted QTIF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nQTIF files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-0987 : roob working with iDefense VCP\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Opening a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG\r\nencoded data. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1021 : Mil3s beep working with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'enof'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted FPX file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of FPX files.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer underflow existed in the handling of 'mvhd'\r\natoms. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day\r\nInitiative\r\n\r\nQuickTime 7.7.4 may be obtained from the QuickTime Downloads site:\r\nhttp://support.apple.com/downloads/\r\n\r\nThe download file is named: "QuickTimeInstaller.exe"\r\nIts SHA-1 digest is: 50395ed3c9ac1f8104e0ad18c99a14c03755d060\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJRnRFuAAoJEPefwLHPlZEwxAUP/17v2uoUVcz8EqTDyfX5Hntm\r\nuAORsTKZ14ZKIN16pNjWNyUMHJSdgOB7DJVbr8ZtaNg4zN2nrZ+tBbAi233uhbe0\r\n1CGwkOkL4bi5JR3btZ7AxORETKMLgwATwahVJZLfRcZp9IMhiIZ5JIP/rmdgH2IL\r\n52/dRRsWrg3Guk36EAqzznelTSeVLP2cQMw9d0ukvsz9jOIMpOJ7FXmv/7K0003c\r\n2m6OtuScfy4Q+BIqql13kZ94cAILPUovIz2L900ry9AQVTbdwwggQ5Tgnf1lqUYy\r\nxBnAVFsS/WWwEN4MyNbkdvsQEUc04vBgTN8dIfGUV4M/MLIRzY9TX+uamxoU/FRA\r\ncfPSGlcQi21poOJ6a9bzVfPBkmPaz4P0M3VplSbAJAqYpALsMVH332mjd2m1o5pL\r\n5VE8EUGcmHIa1jgdrsiWzYThzJIE+KCY6iW/PemC2DzcNz0uJUChPC/ao9UWPLII\r\n05F0xVO4mGa+UClgX5o5OLvOFecX6redFjXuQk/QVzzDP95GIyAybLjQYeuFVpgD\r\n1KGgF0CYjYuk19hZh+HcfZ9j7RIUOrVdCVFIH0+v+IZwRsAh+6NamvdRWTaI5fjg\r\nPiQs1l+8IirII5xrikS6TanUewzdpIyK+pHBtz/OwneLKm79vSYdMLZDQU6deeoN\r\nX0HHvIjtkT16kuhL1yMx\r\n=lnE0\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-05-27T00:00:00", "published": "2013-05-27T00:00:00", "id": "SECURITYVULNS:DOC:29425", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29425", "title": "APPLE-SA-2013-05-22-1 QuickTime 7.7.4", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "Memory corruptions on different formats and protocols parsing.", "modified": "2013-05-27T00:00:00", "published": "2013-05-27T00:00:00", "id": "SECURITYVULNS:VULN:13091", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13091", "title": "Apple QuickTime multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-04-01T02:12:12", "bulletinFamily": "scanner", "description": "The version of QuickTime installed on the remote Windows host is older\nthan 7.7.4. It is, therefore, reportedly affected by the following\nvulnerabilities :\n\n - Buffer overflow vulnerabilities exist in the handling of\n ", "modified": "2020-04-02T00:00:00", "id": "QUICKTIME_774.NASL", "href": "https://www.tenable.com/plugins/nessus/66636", "published": "2013-05-28T00:00:00", "title": "QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(66636);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2013-0986\",\n \"CVE-2013-0987\",\n \"CVE-2013-0988\",\n \"CVE-2013-0989\",\n \"CVE-2013-1015\",\n \"CVE-2013-1016\",\n \"CVE-2013-1017\",\n \"CVE-2013-1018\",\n \"CVE-2013-1019\",\n \"CVE-2013-1020\",\n \"CVE-2013-1021\",\n \"CVE-2013-1022\"\n );\n script_bugtraq_id(\n 60092,\n 60097,\n 60098,\n 60099,\n 60100,\n 60101,\n 60102,\n 60103,\n 60104,\n 60108,\n 60109,\n 60110\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-05-22-1\");\n\n script_name(english:\"QuickTime < 7.7.4 Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks version of QuickTime on Windows\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains an application that may be affected\nby multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of QuickTime installed on the remote Windows host is older\nthan 7.7.4. It is, therefore, reportedly affected by the following\nvulnerabilities :\n\n - Buffer overflow vulnerabilities exist in the handling of\n 'dref' atoms, 'enof' atoms, 'mvhd' atoms, FPX files, MP3\n files, H.263 and H.264 encoded movie files, Sorenson\n encoded movie files, and JPEG encoded data.\n (CVE-2013-0986, CVE-2013-0988, CVE-2013-0989,\n CVE-2013-1016, CVE-2013-1017, CVE-2013-1018,\n CVE-2013-1019, CVE-2013-1021, CVE-2013-1022)\n\n - Memory corruption vulnerabilities exist in the handling\n of QTIF files, TeXML files, and JPEG encoded data.\n (CVE-2013-0987, CVE-2013-1015, CVE-2013-1020)\n\nSuccessful exploitation of these issues could result in program\ntermination or arbitrary code execution, subject to the user's\nprivileges.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-110/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-111/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-112/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-113/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-114/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-115/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-116/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-117/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-118/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-119/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT202735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2013/May/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/526669/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-080/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-110/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to QuickTime 7.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Quicktime 7 Invalid Atom Length Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:quicktime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"quicktime_installed.nasl\");\n script_require_keys(\"SMB/QuickTime/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"SMB/QuickTime/\";\n\nversion = get_kb_item_or_exit(kb_base+\"Version\");\npath = get_kb_item_or_exit(kb_base+\"Path\");\n\nversion_ui = get_kb_item(kb_base+\"Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nfixed_version = \"7.74.80.86\";\nfixed_version_ui = \"7.7.4 (1680.86)\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version_report+\n '\\n Fixed version : '+fixed_version_ui+'\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\naudit(AUDIT_INST_PATH_NOT_VULN, 'QuickTime Player', version_report, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
