Apple QuickTime Color Table Remote Code Execution Vulnerability
BID:39139
Info
| Bugtraq ID: | 39139 |
| Class: | Unknown |
| CVE: | CVE-2010-0528 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2010 12:00AM |
| Updated: | Mar 30 2010 12:00AM |
| Credit: | anonymous working with TippingPoint's Zero Day Initiative |
| Vulnerable: | Apple QuickTime Player 7.6.5, Apple QuickTime Player 7.6.4, Apple QuickTime Player 7.6.2, Apple QuickTime Player 7.6.1, Apple QuickTime Player 7.6 |
| Not Vulnerable: | Apple QuickTime Player 7.6.6 |
Discussion
Apple QuickTime is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data when viewing movie files.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.6 are vulnerable on Windows 7, Vista, and XP.
NOTE: This issue was previously covered in 39087 (Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities) but has been assigned its own record to better document it.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released an advisory and fixes. Please see the references for details.
References
References:
- Apple QuickTime Homepage (Apple)