CVE-2005-3707
CVSS 7.5
Published: 2005-12-31 00:00:00
Last modified: 2017-07-10 21:33:17

[Original] Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.


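[CNNVD] Apple QuickTime malformed TGA image overflow vulnerability (CNNVD-200512-710)

        Apple QuickTime Player is a component of the QuickTime software package that provides high-quality audio and video media playback.
        QuickTime Player contains buffer overflow and integer overflow vulnerabilities when processing specially crafted TGA images, which may lead to denial of service or arbitrary code execution.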

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:apple:quicktime:7.0      Apple Quicktime 7.0
cpe:/a:apple:quicktime:7.0.3    Apple Quicktime 7.0.3
cpe:/a:apple:quicktime:7.0.1    Apple Quicktime 7.0.1
cpe:/a:apple:quicktime:7.0.2    Apple Quicktime 7.0.2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3707
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-710
(Official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html
(UNKNOWN)  FULLDISC  20060112 Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability"
http://docs.info.apple.com/article.html?artnum=303101
(PATCH)  APPLE  APPLE-SA-2006-01-10
http://securitytracker.com/id?1015464
(UNKNOWN)  SECTRACK  1015464
http://www.kb.cert.org/vuls/id/115729
(UNKNOWN)  CERT-VN  VU#115729
http://www.securityfocus.com/bid/16202
(PATCH)  BID  16202
http://www.us-cert.gov/cas/techalerts/TA06-011A.html
(UNKNOWN)  CERT  TA06-011A
http://www.vupen.com/english/advisories/2006/0128
(UNKNOWN)  VUPEN  ADV-2006-0128
https://exchange.xforce.ibmcloud.com/vulnerabilities/24056
(UNKNOWN)  XF  quicktime-tga-bo(24056)

- Vulnerability information

Apple QuickTime malformed TGA image overflow vulnerability
High risk  Buffer overflow
2005-12-31 00:00:00 2006-05-24 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch link:
        http://www.apple.com/quicktime/

- Vulnerability information (F43080)

FSA-2006-04.txt (PacketStormID:F43080)
2006-01-15 00:00:00
Dejun Meng  
advisory,remote,web,arbitrary
apple
CVE-2005-3707

Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered an improper memory access vulnerability in the Apple QuickTime Player. The vulnerability exists when parsing specially crafted TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it, when the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause memory access violation, leading to potential arbitrary command execution.

Fortinet Security Advisory: FSA-2006-04

Apple QuickTime Player Improper Memory Access Vulnerability

Advisory Date      : January 12, 2006
Reported Date      : November 28, 2005
Vendor             : Apple computers
Affected Products  : Apple QuickTime Player v7.0.3
Severity           : High
Reference      : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707
                 http://docs.info.apple.com/article.html?artnum=303101
                 http://www.securityfocus.com/bid/16202/info

Description        :  Fortinet Security Research Team (FSRT) has
discovered an Improper Memory Access Vulnerability in the Apple QuickTime
Player. Apple QuickTime has Improper Memory Access vulnerability in
parsing the specially crafted TGA image files. A remote attacker could
construct a web page with specially crafted TGA file and entice a victim
to view it, when the user opens the TGA image with Internet Explorer or
Apple QuickTime Player, it'll cause memory access violation, and leading
to potential Arbitrary Command Execution.

Impact             : Execute arbitrary code

Solution           : Apple Computers has released a security update for
this vulnerability, which is available for downloading from Apple's web
site under security update.

Fortinet Protection: Fortinet is protecting network from this
vulnerability with latest IPS update.

Acknowledgment     : Dejun Meng of Fortinet Security Research team found
this vulnerability.

Disclaimer         : Although Fortinet has attempted to provide accurate
information in these materials, Fortinet assumes no legal responsibility
for the accuracy or completeness of the information. More specific
information is available on request from Fortinet. Please note that
Fortinet's product information does not constitute or contain any
guarantee, warranty or legally binding representation, unless expressly
identified as such in a duly signed
