SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Apple TV Vendors:   Apple
(Apple Issues Fix for Apple TV) QuickTime PICT/Movie/QTVR/Indeo Bugs Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1020977
SecurityTracker URL:  http://securitytracker.com/id/1020977
CVE Reference:   CVE-2008-3626, CVE-2008-3629   (Links to External Site)
Date:  Oct 3 2008
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0, 2.1
Description:   Several vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions. Apple TV is affected by two of the vulnerabilities.

A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system or cause the target application to crash. The code will run with the privileges of the target user.

A specially crafted PICT image can trigger an integer overflow [CVE-2008-3614]. Only Windows-based systems are affected. An anonymous researcher reported this vulnerability via iDefense.

A specially crafted movie file can trigger a flaw in the third-party Indeo v5 codec and execute arbitrary code [CVE-2008-3615]. Only Windows-based systems are affected. Paul Byrne of NGSSoftware reported this vulnerability.

A specially crafted QTVR movie file can trigger a heap overflow [CVE-2008-3624]. Roee Hay of IBM Rational Application Security Research Group reported this vulnerability.

A specially crafted QTVR movie file can trigger a stack overflow [CVE-2008-3625]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.

A movie file with specially crafted STSZ atoms can trigger a memory corruption error and execute arbitrary code [CVE-2008-3626]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.

A specially crafted H.264 encoded movie file can trigger a memory corruption error and execute arbitrary code [CVE-2008-3627]. An anonymous researcher and Subreption LLC reported this vulnerability via TippingPoint's Zero Day Initiative.

A specially crafted PICT image can trigger an invalid pointer error and execute arbitrary code [CVE-2008-3628]. Only Windows-based systems are affected. David Wharton reported this vulnerability.

A specially crafted PICT image can trigger an out-of-bounds memory read bug and cause the target application to crash [CVE-2008-3629]. Sergio 'shadown' Alvarez of n.runs AG reported this vulnerability.

A specially crafted movie file can trigger a stack overflow in the third-party Indeo v3.2 codec [CVE-2008-3635]. Only Windows-based systems are affected. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system or cause the target application to crash.
Solution:   Apple has released a fix for CVE-2008-3626 and CVE-2008-3629 for Apple TV, available via the automatic update feature.

The Apple advisory is available at:

http://support.apple.com/kb/HT3189

Vendor URL:  support.apple.com/kb/HT3189 (Links to External Site)
Cause:   Access control error, Boundary error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Sep 9 2008 QuickTime PICT/Movie/QTVR/Indeo Bugs Let Remote Users Deny Service and Execute Arbitrary Code



 Source Message Contents

Subject:  APPLE-SA-2008-10-02 Apple TV 2.2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-10-02 Apple TV 2.2

Apple TV 2.2 is now available and addresses the following issues:

Apple TV
CVE-ID:  CVE-2007-4674
Available for:  Apple TV 1.0 and 2.1
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution.
Description:  An integer arithmetic issue in the handling of certain
movie file atoms may lead to a stack buffer overflow. Opening a
maliciously crafted movie file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved handling of atom length fields in movie files.
Credit to Cody Pierce of TippingPoint DVLabs for reporting this
issue.

Apple TV
CVE-ID:  CVE-2008-3626
Available for:  Apple TV 1.0 and 2.1
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in the handling of
STSZ atoms in movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking of STSZ atoms. Credit to an anonymous researcher working
with TippingPoint's Zero Day Initiative for reporting this issue.

Apple TV
CVE-ID:  CVE-2008-3629
Available for:  Apple TV 1.0 and 2.1
Impact:  Opening a maliciously crafted PICT image may lead to an
unexpected application termination
Description:  An out-of-bounds read issue exists in the handling of
PICT images. Opening a maliciously crafted PICT image may lead to an
unexpected application termination. This update addresses the issue
by performing additional validation of PICT images. Credit to Sergio
'shadown' Alvarez of n.runs AG for reporting this issue.

Installation note:

The Apple TV device will automatically check Apple's update server on
its weekly schedule.  When an update is detected, it will download
it, verify its signature, and install it.

This process may take up to a week depending on the day that the
Apple TV device checks for updates.  Alternatively, you may manually
update your Apple TV using the TV interface by selecting
Settings > Update Software.

This update is only available directly to the Apple TV, and will not
appear in your computer's Software Update application, or in the
Apple Downloads site.

To check that the Apple TV has been updated, use the TV interface:

* Navigate to Settings
* Select About
* The Software Version after applying this update will be "2.2"
* To exit the About screen to the main menu, press Menu

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBSOWFfHkodeiKZIkBAQhBdgf9HhxrH6TIeTtYUliyRIDlKVI4cArKx+rT
55OfGqpLR/eAoOJP6/yJ1mSVYxO7nWtJJNw9uxdOVJLzFrqg8vfG9BPaZfYNkUpo
oEnKRASwCS1BhO0m/ykzkAupEAJ8SidycHbaA1UC6+m9NtlOlJofnUULMiTAKCpk
TWhRRLalTZTWM9EftjLRlwrZloteziOCUc6SRYck7Bm4LJ7c5+i17F2M+jh3yceW
p5HbiYU1lLsJDrSSAl2DRW0Wn4aYywxIDco89YCeS9OHVuIhuqDSmVpx37O9s6T/
GLMzINfAUbve2CpuPZg/qoAxo6nncsxREZdKOF0p35mGohgjHl48Ew==
=4xKN
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC