Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability

Bugtraq ID:	39152
Class:	Boundary Condition Error
CVE:	CVE-2010-0520
Remote:	Yes
Local:	No
Published:	Mar 29 2010 12:00AM
Updated:	Sep 20 2010 06:41AM
Credit:	Moritz Jodeit of n.runs AG, working with TippingPoint's Zero Day Initiative; Nicols Joly of VUPEN Security
Vulnerable:	Apple QuickTime Player 7.6.5 Apple QuickTime Player 7.6.4 Apple QuickTime Player 7.6.2 Apple QuickTime Player 7.6.1 Apple QuickTime Player 7.6 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.6 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.6
Not Vulnerable:	Apple QuickTime Player 7.6.6 Apple Mac OS X Server 10.6.3 Apple Mac OS X 10.6.3

Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability

Apple QuickTime is prone to a heap-based buffer-overflow vulnerability because it fails to sufficiently validate user-supplied data when parsing FLC encoded '.fli' movie files.

Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.

The following are vulnerable:
Mac OS X 10.6 prior to 10.6.3
Mac OS X Server 10.6 prior to 10.6.3
QuickTime 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7.

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability

A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following exploit is available:

• /data/vulnerabilities/exploits/39152.py

Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability

Solution:
Updates are available; please see the references for details.


Apple Mac OS X 10.6

• Apple MacOSXUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple QuickTime Player 7.6

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple Mac OS X Server 10.6

• Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.6.1

• Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.1

• Apple MacOSXUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.2

• Apple MacOSXUpd10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.6.2

• Apple MacOSXServerUpd10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple QuickTime Player 7.6.1

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple QuickTime Player 7.6.2

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple QuickTime Player 7.6.4

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple QuickTime Player 7.6.5

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple QuickTime FLC Encoded '.fli' Movie File Remote Heap Buffer Overflow Vulnerability

References:

• Apple QuickTime Homepage (Apple)
  
• Mac OS X Homepage (Apple)
  
• VUPEN Security Research - Apple Quicktime FLC Encoded Movie Heap Overflow Vulner ("VUPEN Security Research" )
  
• ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability (ZDI Disclosures )
  
• ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability (Zero Day Initiative)