ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability



> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf 
> Of iDefense Labs
> Sent: Tuesday, March 06, 2007 1:18 AM
> To: vulnwatch@xxxxxxxxxxxxx; 
> full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] iDefense Security Advisory 
> 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability
> 
> Apple QuickTime Color Table ID Heap Corruption Vulnerability
> 
> iDefense Security Advisory 03.05.07
> http://labs.idefense.com/intelligence/vulnerabilities/
> Mar 05, 2007
> 
> I. BACKGROUND
> 
> Quicktime is Apple's media player product used to render 
> video and other
> media. For more information visit http://www.apple.com/quicktime/
> 
> II. DESCRIPTION
> 
> Remote exploitation of a heap corruption vulnerability in 
> Apple Computer
> Inc.'s QuickTime media player could allow an attacker to 
> execute arbitrary
> commands in the context of the current user.
> 
> The vulnerability specifically exists in QuickTime players handling of
> Video media atoms. When the 'Color table ID' field in the Video Sample
> Description is 0, QuickTime expects a color table to be present
> immediately after the description. A byte swap process is 
> then performed
> on the memory following the description, regardless if a 
> table is present
> or not. Heap corruption will occur in the case when the 
> memory following
> the description is not part of the heap chunk being processed.
> 
> III. ANALYSIS
> 
> Exploitation allows an attacker to execute arbitrary code in 
> the context of
> the current user.
> 
> In order to exploit this vulnerability, an attacker must 
> persuade a victim
> into opening a specially crafted media file. This could be 
> accomplished by
> either a direct link or referenced from a website under the attacker's
> control. No further interaction is required in the default 
> configuration.
> 
> IV. DETECTION
> 
> iDefense Labs confirmed this vulnerability exists in version 7.1.3 of
> QuickTime on Windows. Previous versions are suspected to be 
> vulnerable.
> 
> V. WORKAROUND
> 
> iDefense is currently unaware of any effective workarounds for this
> vulnerability.
> 
> VI. VENDOR RESPONSE
> 
> Apple has addressed this vulnerability by releasing version 7.1.5 of
> Quicktime. More information can be found in Apple Advisory
> APPLE-SA-2007-03-05 at the following URL.
> 
> http://docs.info.apple.com/article.html?artnum=305149
> 
> VII. CVE INFORMATION
> 
> The Common Vulnerabilities and Exposures (CVE) project has 
> assigned the
> name CVE-2007-0718 to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org/), which standardizes names for
> security problems.
> 
> VIII. DISCLOSURE TIMELINE
> 
> 12/06/2006  Initial vendor notification
> 12/11/2007  Initial vendor response
> 02/01/2007  Second vendor notification
> 03/05/2007  Coordinated public disclosure
> 
> IX. CREDIT
> 
> This vulnerability was reported to iDefense by Ruben Santamarta of
> Reversemode Labs (www.reversemode.com).
> 
> Get paid for vulnerability research
> http://labs.idefense.com/methodology/vulnerability/vcp.php
> 
> Free tools, research and upcoming events
> http://labs.idefense.com/
> 
> X. LEGAL NOTICES
> 
> Copyright (c) 2007 iDefense, Inc.
> 
> Permission is granted for the redistribution of this alert 
> electronically.
> It may not be edited in any way without the express written consent of
> iDefense. If you wish to reprint the whole or any part of 
> this alert in
> any other medium other than electronically, please e-mail
> customerservice@xxxxxxxxxxxx for permission.
> 
> Disclaimer: The information in the advisory is believed to be 
> accurate at
> the time of publishing based on currently available 
> information. Use of
> the information constitutes acceptance for use in an AS IS condition.
> There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any 
> direct, indirect,
> or consequential loss or damage arising from use of, or 
> reliance on, this
> information.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 



 




Copyright © Lexa Software, 1996-2009.