Computer Security


Apple QuickTime multiple security vulnerabilities
updated since 06.03.2007
Published: 09.03.2007
Source:
SecurityVulns ID: 7349
Type: client
Threat Level: 6/10
Description: Integer overflows, buffer overflows and memory corruption when parsing different data formats.
Affected: APPLE : QuickTime 7.1
CVE: CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.)
 CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.)
 CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.)
 CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.)
 CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.)
 CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.)
Original documents: ZDI, ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability (09.03.2007)
 Reversemode, [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption (06.03.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-065A -- Apple Releases Security Updates for QuickTime (06.03.2007)
 Sowhat ., [Full-disclosure] Apple QuickTime udta ATOM Integer Overflow (06.03.2007)
 Piotr Bania, [Full-disclosure] Apple QuickTime Player Remote Heap Overflow (06.03.2007)
 IDEFENSE, iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability (06.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod