CVE-2005-3711
CVSS 7.5
Published: 2005-12-31 00:00:00
Last revised: 2011-03-07 00:00:00

[Original] Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.


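[CNNVD] Apple QuickTime malformed TIFF image overflow vulnerability (CNNVD-200512-1000)

        Apple QuickTime Player is a component of the QuickTime software package that provides media playback with high-quality sound and images.
        QuickTime Player has an integer overflow vulnerability when processing specially crafted TIFF images, which may lead to denial of service or arbitrary code execution.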
        

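- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-189 [Numeric Errors]

- CPE (affected platforms and products)

cpe:/a:apple:quicktime:7.0.2 Apple Quicktime 7.0.2
cpe:/a:apple:quicktime:7.0.1 Apple Quicktime 7.0.1
cpe:/a:apple:quicktime:7.0 Apple Quicktime 7.0
cpe:/a:apple:quicktime:7.0.3 Apple Quicktime 7.0.3

- OVAL (technical details used for detection)

No related OVAL definition found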

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3711
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3711
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-1000
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/16202
(PATCH)  BID  16202
http://secunia.com/advisories/18370
(VENDOR_ADVISORY)  SECUNIA  18370
http://docs.info.apple.com/article.html?artnum=303101
(PATCH)  APPLE  APPLE-SA-2006-01-10
http://xforce.iss.net/xforce/xfdb/24059
(UNKNOWN)  XF  quicktime-tiff-overflow(24059)
http://www.vupen.com/english/advisories/2006/0128
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0128
http://www.securityfocus.com/archive/1/archive/1/421831/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/421799/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060112 Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Access
http://www.osvdb.org/22337
(UNKNOWN)  OSVDB  22337
http://securitytracker.com/id?1015465
(UNKNOWN)  SECTRACK  1015465
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0442.html
(UNKNOWN)  FULLDISC  20060112 Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability

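- Vulnerability information

Apple QuickTime malformed TIFF image overflow vulnerability
High risk  Buffer overflow
2005-12-31 00:00:00 2006-05-24 00:00:00
Remote
        Apple QuickTime Player is a component of the QuickTime software package that provides media playback with high-quality sound and images.
        QuickTime Player has an integer overflow vulnerability when processing specially crafted TIFF images, which may lead to denial of service or arbitrary code execution.
        

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://www.apple.com/quicktime/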

- Vulnerability information (F43078)

FSA-2006-02.txt (PacketStormID:F43078)
2006-01-15 00:00:00
Dejun Meng  
advisory,remote,web,arbitrary
apple
CVE-2005-3711

Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a vulnerability in the Apple QuickTime Player. Apple QuickTime has a vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripOffsets value while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.

Fortinet Security Advisory: FSA-2006-02

Apple QuickTime Player StripOffsets Improper Memory Access

Advisory Date      : January 12, 2006
Reported Date      : November 28, 2005
Vendor             : Apple computers
Affected Products  : Apple QuickTime Player v7.0.3
Severity           : High
Reference      : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3711
		 http://docs.info.apple.com/article.html?artnum=303101
		 http://www.securityfocus.com/bid/16202/info

Description	   :  Fortinet Security Research Team (FSRT) has discovered a
Vulnerability in the Apple QuickTime Player. Apple QuickTime has a
vulnerability in parsing the specially crafted TIFF image files. This is
due to application failure to sanitize the parameter StripOffsets value
while parsing TIFF image files. A remote attacker could construct a web
page with specially crafted tiff file and entice a victim to view it, when
the user opens the TIFF image with Internet Explorer or Apple QuickTime
Player, it'll cause memory access violation, and leading to potential
Arbitrary Command Execution.

Impact             : Execute arbitrary code

Solution	   : Apple Computers has released a security update for this
vulnerability, which is available for downloading from Apple's web site
under security update.

Fortinet Protection: Fortinet is protecting network from this
vulnerability with latest IPS update.

Acknowledgment     : Dejun Meng of Fortinet Security Research team found
this vulnerability.


    

- Vulnerability information (F43077)

FSA-2006-01.txt (PacketStormID:F43077)
2006-01-15 00:00:00
Dejun Meng  
advisory,remote,web,overflow,arbitrary
apple
CVE-2005-3711

Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripByteCounts while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, and leading to potential arbitrary command execution.

Fortinet Security Advisory: FSA-2006-01

Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability

Advisory Date      : January 12, 2006
Reported Date      : November 28, 2005
Vendor             : Apple computers
Affected Products  : Apple QuickTime Player v7.0.3
Severity           : High
Reference      : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3711
	         http://docs.info.apple.com/article.html?artnum=303101
	         http://www.securityfocus.com/bid/16202/info

Description	   :  Fortinet Security Research Team (FSRT) has discovered a
Buffer Overflow Vulnerability in the Apple QuickTime Player. Apple
QuickTime has buffer overflow vulnerability in parsing the specially
crafted TIFF image files. This is due to application failure to sanitize
the parameter StripByteCounts while parsing TIFF image files. A remote
attacker could  construct a web page with specially crafted tiff file and
entice a victim to view it, when the user opens the TIFF image with
Internet Explorer or Apple QuickTime Player, it'll cause memory access
violation, and leading to potential Arbitrary Command Execution.

Impact             : Execute arbitrary code

Solution	   : Apple Computers has released a security update for this
vulnerability, which is available for downloading from Apple's web site
under security update.

Fortinet Protection: Fortinet is protecting network from this
vulnerability with latest IPS update.

Acknowledgment     : Dejun Meng of Fortinet Security Research team found
this vulnerability.



    

- Vulnerability information

Apple QuickTime TIFF Image Processing Strips/Bands Integer Overflow Vulnerability
Boundary Condition Error 16869
Yes No
2006-01-10 12:00:00 2008-05-01 07:06:00
Dejun Meng of Fortinet.

- Affected program versions

Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 7.0.4

- Unaffected program versions

Apple QuickTime Player 7.0.4

- Vulnerability discussion

QuickTime is prone to a remote integer-overflow vulnerability.

This issue presents itself when the application processes a specially crafted TIFF file containing specially crafted values for 'strips' or 'bands'.

A successful attack can result in a remote compromise.

Versions prior to QuickTime 7.0.4 are vulnerable.

NOTE: This issue was previously discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities), but has been assigned its own record to better document the vulnerability.
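
The kind of check the advisories above describe as missing, shown as an added example: it is not Apple's or Fortinet's code and does not reproduce QuickTime's parser. The function names are hypothetical, and it assumes classic TIFF, where StripOffsets and StripByteCounts are at most 32-bit values and the file size fits in 32 bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsafe pattern: the 32-bit sum wraps, so a huge count can look in-bounds. */
int strip_in_file_naive(uint32_t offset, uint32_t count, uint32_t file_size)
{
    return (uint32_t)(offset + count) <= file_size;
}

/* Overflow-safe form: never computes offset + count. */
int strip_in_file(uint32_t offset, uint32_t count, uint32_t file_size)
{
    return offset <= file_size && count <= file_size - offset;
}

/* Check every StripOffsets/StripByteCounts pair and the running total
 * before any allocation or copy. Returns 0 and stores the total on
 * success, -1 on the first entry that fails. */
int validate_strips(const uint32_t *offsets, const uint32_t *counts,
                    size_t nstrips, uint32_t file_size, uint32_t *total_out)
{
    uint32_t total = 0;
    if (offsets == NULL || counts == NULL || total_out == NULL || nstrips == 0)
        return -1;
    for (size_t i = 0; i < nstrips; i++) {
        if (!strip_in_file(offsets[i], counts[i], file_size))
            return -1;
        if (counts[i] > UINT32_MAX - total)  /* running sum would wrap */
            return -1;
        total += counts[i];
    }
    *total_out = total;
    return 0;
}

int main(void)
{
    /* Constructed sample: a 1000-byte file whose second strip count is oversized. */
    uint32_t off[] = { 8, 512 };
    uint32_t cnt[] = { 504, 0xFFFFFF00u };
    uint32_t total = 0;
    printf("naive check accepts strip 1: %d\n",
           strip_in_file_naive(off[1], cnt[1], 1000));
    printf("validate_strips: %d\n", validate_strips(off, cnt, 2, 1000, &total));
    return 0;
}
```

The naive comparison accepts the constructed oversized strip because 512 + 0xFFFFFF00 wraps to 256, while the subtraction-based check rejects it.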

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Apple has released advisory APPLE-SA-2006-01-10 including QuickTime 7.0.4 to address this issue. Please see the referenced advisory for more information.


Apple QuickTime Player 7.0.3
