Apple QuickTime < 7.7.79.80.95 - PSD File Parsing Memory Corruption

🗓️ 30 Mar 2016 00:00:00Reported by Francis ProvencherType

zdt🔗 0day.today👁 31 Views

Apple QuickTime < 7.7.79.80.95 - PSD File Parsing Memory Corruption. Vulnerability allows remote attackers to execute arbitrary cod

Reporter	Title	Published	Views	Family All 18
Tenable Nessus	Mac OS X < 10.11.4 Multiple Vulnerabilities	2 Sep 201600:00	–	nessus
Tenable Nessus	Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities	27 May 201600:00	–	nessus
Tenable Nessus	Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities	22 Mar 201600:00	–	nessus
Apple	About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002	21 Mar 201600:00	–	apple
Apple	About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support	23 Jan 201703:54	–	apple
BDU FSTEC	The vulnerability of the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code.	6 Apr 201600:00	–	bdu_fstec
Circl	CVE-2016-1769	30 Mar 201600:00	–	circl
CNVD	Apple OS X QuickTime memory corruption vulnerability (CNVD-2016-01896)	25 Mar 201600:00	–	cnvd
Check Point Advisories	Apple QuickTime PSD File Parsing Memory Corruption (CVE-2016-1769)	20 Jun 201600:00	–	checkpoint_advisories
CVE	CVE-2016-1769	24 Mar 201601:00	–	cve

#####################################################################################
 
Application: Apple Quicktime
 
Platforms: Windows, OSX
 
Versions: before version 7.7.79.80.95
 
Author: Francis Provencher of COSIG
 
Website: http://www.protekresearchlab.com/
 
Twitter: @COSIG_ @protekresearch
 
CVE-2016-1769
 
#####################################################################################
 
1) Introduction
2) Report Timeline
3) Technical details
4) POC
 
#####################################################################################
 
===============
1) Introduction
===============
 
QuickTime is an extensible multimedia framework developed by Apple Inc., capable of handling various formats of digital video, picture, sound, panoramic images, and interactivity. The classic version of QuickTime is available for Windows Vista and later, as well as Mac OS X Leopard and later operating systems. A more recent version, QuickTime X, is currently available on Mac OS X Snow Leopard and newer.
 
(https://en.wikipedia.org/wiki/QuickTime)
 
#####################################################################################
 
============================
2) Report Timeline
============================
 
2016-01-07: Francis Provencher from COSIG report issue to Apple security team;
2016-01-13: Apple security team  confirmed this issue;
2016-03-22: Apple fixed this issue;
 
https://support.apple.com/en-us/HT206167
#####################################################################################
 
============================
3) Technical details
============================
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
 
By providing a malformed PSD file, an attacker is able to create an out of bound read condition and execute code in the context of the current user or may allow access to sensitive memory space.
 
#####################################################################################
 
===========
 
4) POC
 
===========
 
http://protekresearchlab.com/exploits/COSIG-2016-16.psd
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39635.zip
 
###############################################################################

#  0day.today [2018-03-10]  #

30 Mar 2016 00:00Current

0.5Low risk

Vulners AI Score0.5

EPSS0.04565