|发布时间 :2005-12-31 00:00:00|
|修订时间 :2017-07-10 21:33:17|
[原文]Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Apple QuickTime Player是QuickTime软件包的一个组件，可提供高质量声音和图象的媒体播放功能。
- CVSS (基础分值)
- CPE (受影响的平台与产品)
|cpe:/a:apple:quicktime:7.0||Apple Quicktime 7.0|
|cpe:/a:apple:quicktime:7.0.3||Apple Quicktime 7.0.3|
|cpe:/a:apple:quicktime:7.0.1||Apple Quicktime 7.0.1|
|cpe:/a:apple:quicktime:7.0.2||Apple Quicktime 7.0.2|
- OVAL (用于检测的技术细节)
(PATCH) APPLE APPLE-SA-2006-01-10
(UNKNOWN) SECTRACK 1015464
(PATCH) BID 16202
(UNKNOWN) VUPEN ADV-2006-0128
(UNKNOWN) XF quicktime-tga-overflow(24057)
|2005-12-31 00:00:00||2006-05-24 00:00:00|
| Apple QuickTime Player是QuickTime软件包的一个组件，可提供高质量声音和图象的媒体播放功能。
- 漏洞信息 (F43081)
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing the specially crafted TGA image files. This is due to application failure to sanitize the parameter ImageWidth value while parsing TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it, when the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
Fortinet Security Advisory: FSA-2006-05 Apple QuickTime Player ImageWidth Integer Overflow Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3708 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Buffer Overflow Vulnerability in the Apple QuickTime Player. Apple QuickTime has buffer overflow vulnerability in parsing the specially crafted TGA image files. This is due to application failure to sanitize the parameter ImageWidth value while parsing TGA image files. A remote attacker could construct a web page with specially crafted TGA file and entice a victim to view it, when the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it'll cause memory access violation, and leading to potential Arbitrary Command Execution. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. Disclaimer : Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
|Apple QuickTime TGA Image Processing Remote Integer Overflow Vulnerability|
|Boundary Condition Error||16873|
|2006-01-10 12:00:00||2008-05-01 07:16:00|
|Discovery is credited to Dejun Meng of Fortinet.|
|Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 7.0.4
|Apple QuickTime Player 7.0.4
|QuickTime is prone to a remote integer-overflow vulnerability.
This issue presents itself when the application processes a specially crafted TGA file.
A successful attack can result in a remote compromise.
Versions prior to QuickTime 7.0.4 are vulnerable.
NOTE: This issue was previously discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities), but has been assigned its own record to better document the vulnerability.
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.
Apple has released advisory APPLE-SA-2006-01-10 including QuickTime 7.0.4 to address this issue. Please see the referenced advisory for more information.
Apple QuickTime Player 7.0.3