Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability
BID:21829
Info
| Bugtraq ID: | 21829 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-0015 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 01 2007 12:00AM |
| Updated: | Nov 15 2007 12:36AM |
| Credit: | LMH is credited with the discovery of this issue. |
| Vulnerable: | Apple QuickTime Player 7.1.3, Apple QuickTime Player 7.0.4 |
| Not Vulnerable: | |
Discussion
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.
Attackers exploit this issue by coercing targeted users to access malicious HTML or QTL files or by executing malicious JavaScript code.
QuickTime 7.1.3 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Reports indicate this issue is being actively exploited in the wild.
The following exploits are available:
Solution / Fix
Solution:
The vendor has released updates to address this issue.
NOTE: Reports indicate that the Windows QuickTime software update will not fix this issue. Users are required to manually patch the affected software from a separately installed updater tool.
Please see the references for more information.
Apple QuickTime Player 7.1.3
- Apple SecUpd2007-001Pan.dmg
  Security Update 2007-001 (Panther)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12687&cat= 57&platform=osx&method=sa/SecUpd2007-001Pan.dmg
- Apple SecUpd2007-001Ti.dmg
  Security Update 2007-001 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12686&cat= 57&platform=osx&method=sa/SecUpd2007-001Ti.dmg
References
References:
- About Security Update 2007-001 (Apple)
- Apple QuickTime Homepage (Apple)
- MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow (MoAB)
- CVE-2007-015 (MOAB-01-01-07) Patched on OS X Only (.:Computer Defense:.)