SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Apple QuickTime
Vendors:   Apple
Apple QuickTime Unspecified Heap Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015356
SecurityTracker URL:  http://securitytracker.com/id/1015356
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 14 2005
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 7.0.3
Description:   A vulnerability was reported in Apple QuickTime. A remote user may be able to execute arbitrary code on the target system.

A user can trigger a heap overflow in the player and potentially execute arbitrary code on the target system. No details were provided pending vendor resolution.

iTunes 6.0.1 is also affected.

The vendor has been notified.

badpack3t of Security-Protocols.com reported this vulnerability.

The original advisory is available at:

http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109

Impact:   A remote user may be able to cause arbitrary code to be executed on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.apple.com/
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Apple QuickTime/iTunes Heap Overflow Vulnerability

Description:
From the "Upcoming Release: Apple Quicktime/iTunes Heap Overflow" report:
"A heap overflow vulnerability exists within Apple Quicktime 7.0.3 and 
iTunes 6.0.1 on OS X and Win32. The vulnerability allows an attacker to 
reliably overwrite heap memory with arbitrary data in order to execute 
arbitrary code on a targeted host. This has been tested on OS X and 
Win32. I have reported this issue to Apple. I will publish more details 
once Apple has released a patch for this issue. Just a side note, this 
was published from my local Apple store. ;-) Here is a screenshot if you 
are interested."

Source:
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109

Detailed description:
QuickTime error report in Windows XP from Security-protocols.com:
http://security-protocols.com/upcoming/qt-overflow.png
Reportedly the problem in QuickTime is in the quicktimeplayer.exe executable.

Affected versions:
The vulnerability has been reported in Apple Quicktime 7.0.3 and iTunes 
6.0.1 on OS X and Microsoft Windows.

OS:
Microsoft Windows
Apple Mac OS X

Vendor:
Apple Computer, Inc.
http://www.apple.com/

Product Home Pages:
http://www.apple.com/quicktime/
http://www.apple.com/itunes/

Solution status:
Reportedly no updated versions are available from the vendor.

Reportedly the vendor was contacted on December 2nd, 2005 or earlier.

References:
http://www.security-protocols.com/modules.php?name=News&file=article&sid=3109

CVE information: N/A

Credit information:
This vulnerability was researched by Tom Ferris (aka badpack3t).

I have no connections to Security-Protocols.com or Mr. Ferris.


Best regards,
Juha-Matti Laurio, Networksecurity.fi
Security researcher
Finland
http://www.networksecurity.fi/
 
 

