CVE-2006-1458
CVSS 5.1
Published: 2006-05-12 16:06:00
Revised: 2011-03-07 00:00:00

[Original] Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.


[CNNVD] Apple QuickTime JPEG image integer overflow vulnerability (CNNVD-200510-060)

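        Apple QuickTime is a popular multimedia player that supports many media formats.
        An attacker can trigger an integer overflow with a specially crafted JPEG image, resulting in arbitrary code execution with the user's privileges or a denial of service.
        Apple QuickTime contains multiple buffer overflow and integer overflow vulnerabilities. By tricking a user into opening specially crafted image or multimedia files, an attacker can execute arbitrary code or crash the QuickTime player. Details are as follows:
        CVE-2006-1458
        An attacker can trigger an integer overflow with a specially crafted JPEG image, resulting in arbitrary code execution with the user's privileges or a denial of service.
        CVE-2006-1459, CVE-2006-1460
        An attacker can create a specially crafted QuickTime movie to trigger an integer overflow or buffer overflow, resulting in arbitrary code execution with the user's privileges or a denial of service.
        CVE-2006-1461
        An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary code execution with the user's privileges or a denial of service.
        CVE-2006-1462, CVE-2006-1463
        An attacker can create a specially crafted H.264 movie to trigger an integer overflow or buffer overflow, resulting in arbitrary code execution with the user's privileges or a denial of service.
        CVE-2006-1464
        An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary code execution with the user's privileges or a denial of service.
        CVE-2006-1465
        An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary code execution with the user's privileges or a denial of service.
        CVE-2006-1453, CVE-2006-1454
        QuickDraw has two vulnerabilities in its handling of malformed PICT files: malformed font information can cause a stack overflow, and malformed image data can cause a heap overflow. An attacker can create a specially crafted PICT image; if a user views the image, arbitrary code is executed.
        CVE-2006-2238
        An attacker can create a specially crafted BMP image to trigger a buffer overflow, resulting in arbitrary code execution with the user's privileges or a denial of service.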

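- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]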

- CWE (weakness category)

CWE-189 [Numeric Errors]

- CPE (affected platforms and products)

cpe:/a:apple:quicktime:7.0.3  Apple Quicktime 7.0.3
cpe:/a:apple:quicktime:7.0.4  Apple Quicktime 7.0.4

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1458
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1458
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-060
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/289705
(PATCH)  CERT-VN  VU#289705
http://www.us-cert.gov/cas/techalerts/TA06-132B.html
(UNKNOWN)  CERT  TA06-132B
http://www.securityfocus.com/bid/17953
(PATCH)  BID  17953
http://securitytracker.com/id?1016067
(PATCH)  SECTRACK  1016067
http://secunia.com/advisories/20069
(VENDOR_ADVISORY)  SECUNIA  20069
http://lists.apple.com/archives/security-announce/2006/May/msg00002.html
(PATCH)  APPLE  APPLE-SA-2006-05-11
http://xforce.iss.net/xforce/xfdb/26391
(UNKNOWN)  XF  quicktime-jpeg-overflow(26391)
http://www.vupen.com/english/advisories/2006/1778
(VENDOR_ADVISORY)  VUPEN  ADV-2006-1778

- Vulnerability information

Apple QuickTime JPEG image integer overflow vulnerability
Medium severity  Design error
2005-10-07 00:00:00 2007-01-03 00:00:00
Remote / Local

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch link:
        http://www.kb.cert.org/vuls/id/289705

- Vulnerability information

25508
Apple QuickTime JPG Processing Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-05-09 Unknown
Unknown Unknown

- Solution

Upgrade to version 7.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Apple QuickTime Multiple Integer and Buffer Overflow Vulnerabilities
Boundary Condition Error 17953
Yes No
2006-05-11 12:00:00 2006-05-15 10:29:00
The vendor credits Mike Price of McAfee Avert Labs, ATmaCA working through TippingPoint, eEye Digital Security, and the Zero Day Initiative for the discovery of these vulnerabilities.

- Affected software versions

Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 6
- Apple Mac OS 9 9.2.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Apple QuickTime Player 7.1

- Unaffected software versions

Apple QuickTime Player 7.1

- Vulnerability discussion

Multiple integer-overflow and buffer-overflow vulnerabilities affect QuickTime. These issues affect both Mac OS X and Microsoft Windows releases of the software.

Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The vendor has released QuickTime version 7.1 to address these issues.


Apple QuickTime Player 6.1

Apple QuickTime Player 6.5

Apple QuickTime Player 6.5.1

Apple QuickTime Player 6.5.2

Apple QuickTime Player 7.0

Apple QuickTime Player 7.0.1

Apple QuickTime Player 7.0.2

Apple QuickTime Player 7.0.3

Apple QuickTime Player 7.0.4

- Related references

 

 
