BID:23650

Apple QuickTime MOV File JVTCompEncodeFrame Heap Overflow Vulnerability

Info

Apple QuickTime MOV File JVTCompEncodeFrame Heap Overflow Vulnerability

Bugtraq ID:	23650
Class:	Boundary Condition Error
CVE:	CVE-2007-2295
Remote:	Yes
Local:	No
Published:	Apr 25 2007 12:00AM
Updated:	Jul 12 2007 04:07AM
Credit:	Tom Ferris is credited with the discovery of this issue.
Vulnerable:	Apple QuickTime Player 7.1.5 Apple QuickTime Player 7.1.4 Apple QuickTime Player 7.1.3 Apple QuickTime Player 7.1.2 Apple QuickTime Player 7.1.1 Apple QuickTime Player 7.1 Apple Mac OS X 10.4.9 Apple Mac OS X 10.3.9

Not Vulnerable:	Apple QuickTime Player 7.2

Discussion

Apple QuickTime MOV File JVTCompEncodeFrame Heap Overflow Vulnerability

Apple QuickTime is prone to a heap buffer-overflow issue because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

Exploit / POC

Apple QuickTime MOV File JVTCompEncodeFrame Heap Overflow Vulnerability

To exploit this issue, an attacker must entice a victim to open a maliciously crafted MOV file.

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

Apple QuickTime MOV File JVTCompEncodeFrame Heap Overflow Vulnerability

Solution:
Apple security advisory APPLE-SA-2007-07-11 and updates are available; please see the reference section for details.

Apple QuickTime Player 7.1