Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28082
HistoryMay 21, 2012 - 12:00 a.m.

Apple Quicktime Memory Corruption (CVE-2012-0671)

2012-05-2100:00:00
vulners.com
16
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Qualys Vulnerability & Malware Research Labs (VMRL)
http://www.qualys.com
http://www.dissect.pe

Memory corruption when Apple Quicktime parsers .pct file
CVE-2012-0671

INTRODUCTION

Apple Quicktime does not properly parse .pct media files, which causes
a corruption in module DllMain by opening a malformed file with an
invalid value located in PoC repro01.pct at offset 0x20E.

This problem was confirmed in the following versions of Quicktime and
Windows, other versions may be also affected.

Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR.

Apple addressed the vulnerability in the May's Quicktime Patchset
(http://support.apple.com/kb/HT1222)

CVSS Scoring System

The CVSS score is: 8.6
Base Score: 10
Temporal Score: 8.6
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal score is: E:POC/RL:U/RC:UR

TRIGGERING THE PROBLEM

To trigger the problem a PoC file (repro01.pct) is available to
interested parties.

DETAILS

(f28.c24): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=02a70000 ebx=04402c68 ecx=98b1cc15 edx=00000004 esi=00000000
edi=088a5000
eip=6682ead8 esp=0012bfa8 ebp=00000001 iopl=0 nv up ei pl nz
ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00210216
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\Arquivos de programas\QuickTime\QTSystem\QuickTime.qts -
QuickTime!DllMain+0x2d068:
6682ead8 668907 mov word ptr [edi],ax
ds:0023:088a5000=???
0:000> !exploitable
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at
QuickTime!DllMain+0x000000000002d068 (Hash=0x0e483076.0x0e507376)
User mode write access violations that are not near NULL are exploitable.

CREDITS

This vulnerability was discovered by Rodrigo Rubira Branco
(http://twitter.com/bsdaemon) from the Qualys Vulnerability & Malware
Research Labs (VMRL).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+yvggACgkQRpuC3B/O3qHFUQCfSKJq4wrKYqDLU7fD6wfB3799
rFYAn2bkvPpcY0jsE+tuP2B7E/6rltxX
=sKVJ
-----END PGP SIGNATURE-----

Related

cve 1
checkpoint_advisories 1
prion 1
seebug 1
nessus 5
openvas 4
securityvulns 4
cve
cve
CVE-2012-0671
2012-05-16 10:12:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime PICT File Processing Memory Corruption (CVE-2012-0671)
2012-10-14 00:00:00
prion
prion
Memory corruption
2012-05-16 10:12:00
seebug
seebug
Apple QuickTime 7.7.2δΉ‹ε‰η‰ˆζœ¬ε€šδΈͺθΏœη¨‹δ»»ζ„δ»£η ζ‰§θ‘ŒζΌζ΄ž
2012-05-17 00:00:00
nessus
nessus
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities
2012-05-18 00:00:00
QuickTime < 7.7.2 Multiple Vulnerabilities (Windows)
2012-05-16 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities - (Windows)
2012-05-18 00:00:00
Apple QuickTime Multiple Vulnerabilities - (Windows)
2012-05-18 00:00:00
Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
2012-09-25 00:00:00
securityvulns
securityvulns
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
2012-05-21 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-10-01 00:00:00
Apple QuickTime multiple security vulnerabilities
2012-08-27 00:00:00
JSON
Related for SECURITYVULNS:DOC:28082
cve1checkpoint_advisories1prion1seebug1nessus5openvas4securityvulns4