Apple QuickTime / iTunes multiple vulnerabilities updated since 12.01.2006
Published:		12.05.2007
Source:		BUGTRAQ
SecurityVulns ID:		5620
Type:		client
Level:		6/10
Description:		Heap overflow on GIF images parsing, stack overflow on QTIF parsing, heap overflow on video samples parsing.

Affected:		APPLE : QuickTime 7.0
CVE:		CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.)

Original document		3COM, TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability (12.05.2007)
		Fortinet Research, [VulnWatch] Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow (13.01.2006)
		Fortinet Research, [VulnWatch] Fortinet Advisory: "Apple QuickTime Player ImageWidth Integer Overflow Vulnerability" (13.01.2006)
		Fortinet Research, [VulnWatch] Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability" (13.01.2006)
		Fortinet Research, [VulnWatch] Fortinet Advisory: Apple Quick Time Player ImageWidth Denial of Service Vulnerability (13.01.2006)
		Fortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Acces (13.01.2006)
		Fortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability (13.01.2006)
		CERT, US-CERT Technical Cyber Security Alert TA06-011A -- Apple QuickTime Vulnerabilities (12.01.2006)
		EEYE, [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow (12.01.2006)
		EEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006)
		EEYE, [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow (12.01.2006)
		EEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006)

Discuss:

Read or add your comments to this news (0 comments)