Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities
BID:17074
Info
| Bugtraq ID: | 17074 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-1249 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 11 2006 12:00AM |
| Updated: | May 15 2006 09:49PM |
| Credit: | The vendor disclosed these vulnerabilities. |
| Vulnerable: | eSignal eSignal 6.0.2; Apple QuickTime Player 7.0.4; Apple QuickTime Player 7.0.3; Apple Mac OS X Server 10.4.6; Apple Mac OS X Server 10.4.5; Apple Mac OS X Server 10.4.4; Apple Mac OS X Server 10.4.3; Apple Mac OS X Server 10.4.2; Apple Mac OS X Server 10.4.1; Apple Mac OS X Server 10.4; Apple Mac OS X Server 10.3.9; Apple Mac OS X 10.4.6; Apple Mac OS X 10.4.5; Apple Mac OS X 10.4.4; Apple Mac OS X 10.4.3; Apple Mac OS X 10.4.2; Apple Mac OS X 10.4.1; Apple Mac OS X 10.4; Apple Mac OS X 10.3.9; Apple iTunes 6.0.1 |
| Not Vulnerable: | Apple QuickTime Player 7.1 |
Discussion
Two vulnerabilities have been reported in Apple QuickTime and iTunes:
- an integer overflow
- a heap-based buffer overflow
These issues affect both Mac OS X and Microsoft Windows releases of the software.
A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released QuickTime version 7.1 to address this and other issues.
Apple QuickTime Player 7.0.3
- Apple QuickTime 7.1
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=09374&cat= 1&platform=osx&method=sa/mac.html
Apple QuickTime Player 7.0.4
References
References:
- About the security content of the QuickTime 7.1 Update (Apple)
- Apple QuickTime Homepage (Apple)
- EEYEB-20060307b (eEye Digital Security)
- iTunes Homepage (Apple)