var-200512-0611
Vulnerability from variot
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. These issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. Successful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software. This issue may be triggered when the application processes a malformed movie (.MOV) file. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user. This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts.
This specific flaw exists within the QuickTime.qts file which many applications access QuickTime's functionality through. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
Technical Details: Technical Description: The code in QuickTime.qts responsible for the size of the Sample Description Table entries from the 'stsd' atom in a QuickTime-format movie on the heap. According to developer.apple.com, the format of the Sample Description Atom is as follows:
Field Description
Size 32-bit int Data Format 4 char code Reserved 6 bytes that must be 0 Data Reference Index 16-bit int Hint Track Version 16-bit unsigned int Last compatible hint track version 16-bit unsigned int Max Packet Size 32-bit int Additional Data Table Variable
By setting the size of the Sample Description Table to a size of 00 15 - 00 D0 will cause a heap-based overflow. By supplying the "Last compatible hint track version" field with the value of 00 05 - 00 09, an insufficiently-sized heap block will be allocated, resulting in a classic complete heap memory overwrite during the RtlAllocateHeap() function and the attacker can control memory with data taken from the filename of the .MOV file. This vulnerability can be successfully exploited via an embedded media player in an HTML page, email, or HTML link.
References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html
Protection: Retina Network Security Scanner has been updated to identify this vulnerability.
Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-4092.
Credit: Discovery: Karl Lynn
Greetings: 0x41414141
Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.
Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-011A
Apple QuickTime Vulnerabilities
Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000
Overview
Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.
I. (CAN-2005-3713)
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes.
III. Solution
Upgrade
Upgrade to QuickTime 7.0.4.
Appendix A. References
* US-CERT Vulnerability Note VU#629845 -
<http://www.kb.cert.org/vuls/id/629845>
* US-CERT Vulnerability Note VU#921193 -
<http://www.kb.cert.org/vuls/id/921193>
* US-CERT Vulnerability Note VU#115729 -
<http://www.kb.cert.org/vuls/id/115729>
* US-CERT Vulnerability Note VU#150753 -
<http://www.kb.cert.org/vuls/id/150753>
* US-CERT Vulnerability Note VU#913449 -
<http://www.kb.cert.org/vuls/id/913449>
* CVE-2005-2340 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340>
* CVE-2005-4092 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092>
* CVE-2005-3707 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707>
* CVE-2005-3710 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710>
* CVE-2005-3713 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713>
* Security Content for QuickTime 7.0.4 -
<http://docs.info.apple.com/article.html?artnum=303101>
* QuickTime 7.0.4 -
<http://www.apple.com/support/downloads/quicktime704.html>
* About the Mac OS X 10.4.4 Update (Delta) -
<http://docs.info.apple.com/article.html?artnum=302810>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-011A Feedback VU#913449" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0611", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 4.0, "vendor": "apple computer", "version": null }, { "model": "itunes", "scope": "eq", "trust": 1.9, "vendor": "apple", "version": "6.0.1" }, { "model": "quicktime", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.0.3" }, { "model": "mac os x", "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": "windows 2000", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": "windows xp", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "sp3" }, { "model": "quicktime player", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "7.0.3" }, { "model": "quicktime player", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "7.0.4" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.5.2" }, { "model": "quicktime player", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.4" }, { "model": "quicktime alternative", "scope": "eq", "trust": 0.3, "vendor": "free codecs com", "version": "1.67" }, { "model": "esignal", "scope": "ne", "trust": 0.3, "vendor": "esignal", "version": "6.0.2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#921193" }, { "db": "CERT/CC", "id": "VU#629845" }, { "db": "CERT/CC", "id": "VU#115729" }, { "db": "CERT/CC", "id": "VU#150753" }, { "db": "CERT/CC", "id": "VU#913449" }, { "db": "BID", "id": "16202" }, { "db": "BID", "id": "15732" }, { "db": "JVNDB", "id": "JVNDB-2005-000858" }, { "db": "CNNVD", "id": "CNNVD-200512-165" }, { "db": "NVD", "id": "CVE-2005-4092" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_2000", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_xp", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2005-000858" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Karl Lynn0x41414141Tom Ferris tommy@security-protocols.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200512-165" } ], "trust": 0.6 }, "cve": "CVE-2005-4092", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2005-4092", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-15300", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-4092", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#921193", "trust": 0.8, "value": "43.88" }, { "author": "CARNEGIE MELLON", "id": "VU#629845", "trust": 0.8, "value": "18.23" }, { "author": "CARNEGIE MELLON", "id": "VU#115729", "trust": 0.8, "value": "3.85" }, { "author": "CARNEGIE MELLON", "id": "VU#150753", "trust": 0.8, "value": "32.63" }, { "author": "CARNEGIE MELLON", "id": "VU#913449", "trust": 0.8, "value": "3.85" }, { "author": "CNNVD", "id": "CNNVD-200512-165", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-15300", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#921193" }, { "db": "CERT/CC", "id": "VU#629845" }, { "db": "CERT/CC", "id": "VU#115729" }, { "db": "CERT/CC", "id": "VU#150753" }, { "db": "CERT/CC", "id": "VU#913449" }, { "db": "VULHUB", "id": "VHN-15300" }, { "db": "CNNVD", "id": "CNNVD-200512-165" }, { "db": "NVD", "id": "CVE-2005-4092" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. Apple\u0027s QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime\u0027s handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. \nThese issues arise when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. \nSuccessful exploits of these issues may allow remote attackers to trigger a denial-of-service condition or to gain unauthorized access. This issue affects both Mac OS X and Microsoft Windows releases of the software. \nThis issue may be triggered when the application processes a malformed movie (.MOV) file. \nSuccessful exploitation will result in execution of arbitrary code in the context of the currently logged in user. \nThis issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected. Multiple buffer overflow vulnerabilities exist in QuickTime.qts. \n\nThis specific flaw exists within the QuickTime.qts file which many\napplications access QuickTime\u0027s functionality through. By specially\ncrafting atoms within a movie file, a direct heap overwrite is\ntriggered, and reliable code execution is then possible. \n\nTechnical Details:\nTechnical Description:\nThe code in QuickTime.qts responsible for the size of the Sample\nDescription Table entries from the \u0027stsd\u0027 atom in a QuickTime-format\nmovie on the heap. According to developer.apple.com, the format of the\nSample Description Atom is as follows:\n\nField\t \t Description\n----------------------------------------------------------------\nSize\t\t\t\t\t32-bit int\nData Format\t\t\t\t4 char code\nReserved\t\t\t\t6 bytes that must be 0\nData Reference Index \t\t16-bit int\nHint Track Version \t\t16-bit unsigned int\nLast compatible hint track version \t16-bit unsigned int\nMax Packet Size\t\t\t\t32-bit int\nAdditional Data Table\t\t\tVariable\n\nBy setting the size of the Sample Description Table to a size of 00 15 -\n00 D0 will cause a heap-based overflow. By supplying the \"Last\ncompatible hint track version\" field with the value of 00 05 - 00 09, an\ninsufficiently-sized heap block will be allocated, resulting in a\nclassic complete heap memory overwrite\nduring the RtlAllocateHeap() function and the attacker can control\nmemory with data taken from the filename of the .MOV file. This\nvulnerability can be successfully exploited via an embedded media player\nin an HTML page, email, or HTML link. \n\nReferences\nQuickTime: QuickTime File Format\nhttp://developer.apple.com/documentation/QuickTime/QTFF/index.html\n\nProtection:\nRetina Network Security Scanner has been updated to identify this\nvulnerability. \n\nVendor Status:\nApple has released a patch for this vulnerability. The patch is\navailable via the Updates section of the affected applications. \nThis vulnerability has been assigned the CVE identifier CVE-2005-4092. \n\nCredit:\nDiscovery: Karl Lynn\n\nGreetings:\n0x41414141\n\nCopyright (c) 1998-2006 eEye Digital Security\nPermission is hereby granted for the redistribution of this alert\nelectronically. It is not to be edited in any way without express\nconsent of eEye. If you wish to reprint the whole or any part of this\nalert in any other medium excluding electronic medium, please email\nalert@eEye.com for permission. \n\nDisclaimer\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare no warranties, implied or express, with regard to this information. \nIn no event shall the author be liable for any direct or indirect\ndamages whatsoever arising out of or in connection with the use or\nspread of this information. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n \n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-011A\n\n\nApple QuickTime Vulnerabilities\n\n Original release date: January 11, 2006\n Last revised: January 11, 2006\n Source: US-CERT\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n * Microsoft Windows XP\n * Microsoft Windows 2000\n\n\nOverview\n\n Apple has released QuickTime 7.0.4 to correct multiple\n vulnerabilities. The impacts of these vulnerabilities include\n execution of arbitrary code and denial of service. \n\n\nI. \n (CAN-2005-3713)\n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. For information about\n specific impacts, please see the Vulnerability Notes. \n\n\nIII. Solution\n\nUpgrade\n\n Upgrade to QuickTime 7.0.4. \n\n\nAppendix A. References\n\n * US-CERT Vulnerability Note VU#629845 -\n \u003chttp://www.kb.cert.org/vuls/id/629845\u003e\n\n * US-CERT Vulnerability Note VU#921193 -\n \u003chttp://www.kb.cert.org/vuls/id/921193\u003e\n\n * US-CERT Vulnerability Note VU#115729 -\n \u003chttp://www.kb.cert.org/vuls/id/115729\u003e\n\n * US-CERT Vulnerability Note VU#150753 -\n \u003chttp://www.kb.cert.org/vuls/id/150753\u003e\n\n * US-CERT Vulnerability Note VU#913449 -\n \u003chttp://www.kb.cert.org/vuls/id/913449\u003e\n\n * CVE-2005-2340 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340\u003e\n\n * CVE-2005-4092 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092\u003e\n\n * CVE-2005-3707 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707\u003e\n\n * CVE-2005-3710 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710\u003e\n\n * CVE-2005-3713 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713\u003e\n\n * Security Content for QuickTime 7.0.4 -\n \u003chttp://docs.info.apple.com/article.html?artnum=303101\u003e\n\n * QuickTime 7.0.4 -\n \u003chttp://www.apple.com/support/downloads/quicktime704.html\u003e\n\n * About the Mac OS X 10.4.4 Update (Delta) -\n \u003chttp://docs.info.apple.com/article.html?artnum=302810\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-011A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-011A Feedback VU#913449\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n\nRevision History\n\n January 11, 2006: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj\n34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey\nAdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/\nHpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL\nosieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy\n0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw==\n=5Kiq\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2005-4092" }, { "db": "CERT/CC", "id": "VU#921193" }, { "db": "CERT/CC", "id": "VU#629845" }, { "db": "CERT/CC", "id": "VU#115729" }, { "db": "CERT/CC", "id": "VU#150753" }, { "db": "CERT/CC", "id": "VU#913449" }, { "db": "JVNDB", "id": "JVNDB-2005-000858" }, { "db": "BID", "id": "16202" }, { "db": "BID", "id": "15732" }, { "db": "VULHUB", "id": "VHN-15300" }, { "db": "PACKETSTORM", "id": "43058" }, { "db": "PACKETSTORM", "id": "43059" }, { "db": "PACKETSTORM", "id": "43062" } ], "trust": 6.12 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-15300", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-15300" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SECUNIA", "id": "18370", "trust": 4.9 }, { "db": "CERT/CC", "id": "VU#921193", "trust": 3.4 }, { "db": "NVD", "id": "CVE-2005-4092", "trust": 3.1 }, { "db": "USCERT", "id": "TA06-011A", "trust": 2.6 }, { "db": "BID", "id": "15732", "trust": 2.0 }, { "db": "CERT/CC", "id": "VU#629845", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#115729", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#150753", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#913449", "trust": 1.7 }, { "db": "SREASON", "id": "334", "trust": 1.7 }, { "db": "SREASON", "id": "336", "trust": 1.7 }, { "db": "SECUNIA", "id": "18149", "trust": 1.7 }, { "db": "SECTRACK", "id": "1015397", "trust": 1.7 }, { "db": "SECTRACK", "id": "1015396", "trust": 1.7 }, { "db": "SECTRACK", "id": "1015356", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2006-0128", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2005-3012", "trust": 1.7 }, { "db": "BID", "id": "16202", "trust": 1.1 }, { "db": "OSVDB", "id": "22337", "trust": 0.8 }, { "db": "SECTRACK", "id": "1015466", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2005-000858", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200512-165", "trust": 0.7 }, { "db": "CERT/CC", "id": "TA06-011A", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060111 [EEYEB-20051117B] APPLE ITUNES (QUICKTIME.QTS) HEAP OVERFLOW", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060111 [EEYEB-20051117A] APPLE QUICKTIME STSD ATOM HEAP OVERFLOW", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060111 UPDATED ADVISORIES - INCORRECT CVE INFORMATION", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2006-01-10", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "43059", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "43058", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "43062", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-15300", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#921193" }, { "db": "CERT/CC", "id": "VU#629845" }, { "db": "CERT/CC", "id": "VU#115729" }, { "db": "CERT/CC", "id": "VU#150753" }, { "db": "CERT/CC", "id": "VU#913449" }, { "db": "VULHUB", "id": "VHN-15300" }, { "db": "BID", "id": "16202" }, { "db": "BID", "id": "15732" }, { "db": "JVNDB", "id": "JVNDB-2005-000858" }, { "db": "PACKETSTORM", "id": "43058" }, { "db": "PACKETSTORM", "id": "43059" }, { "db": "PACKETSTORM", "id": "43062" }, { "db": "CNNVD", "id": "CNNVD-200512-165" }, { "db": "NVD", "id": "CVE-2005-4092" } ] }, "id": "VAR-200512-0611", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-15300" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T22:47:55.607000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Download the Standalone QuickTime Player", "trust": 0.8, "url": "http://www.apple.com/jp/quicktime/download/standalone.html" }, { "title": "TA23845", "trust": 0.8, "url": "http://support.apple.com/kb/TA23845?viewlocale=ja_JP" }, { "title": "TA06-011A", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-011a.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2005-000858" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-15300" }, { "db": "NVD", "id": "CVE-2005-4092" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.9, "url": "http://docs.info.apple.com/article.html?artnum=303101" }, { "trust": 3.2, "url": "http://secunia.com/advisories/18370/" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/921193" }, { "trust": 2.0, "url": "http://security-protocols.com/advisory/sp-x21-advisory.txt" }, { "trust": 1.9, "url": "http://www.security-protocols.com/modules.php?name=news\u0026file=article\u0026sid=3109" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/15732" }, { "trust": 1.7, "url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html" }, { "trust": 1.7, "url": "http://www.eeye.com/html/research/upcoming/20051117a.html" }, { "trust": 1.7, "url": "http://www.eeye.com/html/research/upcoming/20051117b.html" }, { "trust": 1.7, "url": "http://www.security-protocols.com/advisory/sp-x21-advisory.txt" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1015356" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1015396" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1015397" }, { "trust": 1.7, "url": "http://secunia.com/advisories/18149" }, { "trust": 1.7, "url": "http://secunia.com/advisories/18370" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/334" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/336" }, { "trust": 1.6, "url": "http://www.security-protocols.com/modules.php?name=news\u0026file=article\u0026sid=3133" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/421547/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/421635/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/421569/100/0/threaded" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2005/3012" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2006/0128" }, { "trust": 0.8, "url": "http://www.eeye.com/html/research/advisories/ad20060111a.html" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/16202" }, { "trust": 0.8, "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=22337" }, { "trust": 0.8, "url": "http://www.eeye.com/html/research/advisories/ad20060111d.html" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2006/jan/1015466.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta06-011a/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-4092" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3707" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3710" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3713" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/629845" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/115729" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/150753" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/913449" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/421635/100/0/threaded" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/421569/100/0/threaded" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/421547/100/0/threaded" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/0128" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2005/3012" }, { "trust": 0.3, "url": "http://www.apple.com/quicktime/" }, { "trust": 0.3, "url": "/archive/1/421561" }, { "trust": 0.3, "url": "/archive/1/421566" }, { "trust": 0.3, "url": "/archive/1/421831" }, { "trust": 0.3, "url": "/archive/1/421799" }, { "trust": 0.3, "url": "http://www.free-codecs.com/download/quicktime_alternative.htm" }, { "trust": 0.3, "url": "/archive/1/421635" }, { "trust": 0.3, "url": "/archive/1/421569" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-4092" }, { "trust": 0.2, "url": "http://developer.apple.com/documentation/quicktime/qtff/index.html" }, { "trust": 0.1, "url": "" }, { "trust": 0.1, "url": "http://www.security-protocols.com/modules.php?name=news\u0026amp;file=article\u0026amp;sid=3109" }, { "trust": 0.1, "url": "http://www.security-protocols.com/modules.php?name=news\u0026amp;file=article\u0026amp;sid=3133" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/913449\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3710" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-4092\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3710\u003e" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/629845\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3713\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta06-011a.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." }, { "trust": 0.1, "url": "http://docs.info.apple.com/article.html?artnum=302810\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3707\u003e" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/115729\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2340\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3707" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/quicktime704.html\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2340" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/921193\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3713" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/150753\u003e" }, { "trust": 0.1, "url": "http://docs.info.apple.com/article.html?artnum=303101\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" } ], "sources": [ { "db": "CERT/CC", "id": "VU#921193" }, { "db": "CERT/CC", "id": "VU#629845" }, { "db": "CERT/CC", "id": "VU#115729" }, { "db": "CERT/CC", "id": "VU#150753" }, { "db": "CERT/CC", "id": "VU#913449" }, { "db": "VULHUB", "id": "VHN-15300" }, { "db": "BID", "id": "16202" }, { "db": "BID", "id": "15732" }, { "db": "JVNDB", "id": "JVNDB-2005-000858" }, { "db": "PACKETSTORM", "id": "43058" }, { "db": "PACKETSTORM", "id": "43059" }, { "db": "PACKETSTORM", "id": "43062" }, { "db": "CNNVD", "id": "CNNVD-200512-165" }, { "db": "NVD", "id": "CVE-2005-4092" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#921193" }, { "db": "CERT/CC", "id": "VU#629845" }, { "db": "CERT/CC", "id": "VU#115729" }, { "db": "CERT/CC", "id": "VU#150753" }, { "db": "CERT/CC", "id": "VU#913449" }, { "db": "VULHUB", "id": "VHN-15300" }, { "db": "BID", "id": "16202" }, { "db": "BID", "id": "15732" }, { "db": "JVNDB", "id": "JVNDB-2005-000858" }, { "db": "PACKETSTORM", "id": "43058" }, { "db": "PACKETSTORM", "id": "43059" }, { "db": "PACKETSTORM", "id": "43062" }, { "db": "CNNVD", "id": "CNNVD-200512-165" }, { "db": "NVD", "id": "CVE-2005-4092" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-01-11T00:00:00", "db": "CERT/CC", "id": "VU#921193" }, { "date": "2006-01-11T00:00:00", "db": "CERT/CC", "id": "VU#629845" }, { "date": "2006-01-11T00:00:00", "db": "CERT/CC", "id": "VU#115729" }, { "date": "2006-01-11T00:00:00", "db": "CERT/CC", "id": "VU#150753" }, { "date": "2006-01-11T00:00:00", "db": "CERT/CC", "id": "VU#913449" }, { "date": "2005-12-08T00:00:00", "db": "VULHUB", "id": "VHN-15300" }, { "date": "2006-01-10T00:00:00", "db": "BID", "id": "16202" }, { "date": "2005-12-02T00:00:00", "db": "BID", "id": "15732" }, { "date": "2009-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2005-000858" }, { "date": "2006-01-15T15:32:06", "db": "PACKETSTORM", "id": "43058" }, { "date": "2006-01-15T15:33:12", "db": "PACKETSTORM", "id": "43059" }, { "date": "2006-01-15T15:39:24", "db": "PACKETSTORM", "id": "43062" }, { "date": "2005-12-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-165" }, { "date": "2005-12-08T11:03:00", "db": "NVD", "id": "CVE-2005-4092" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-01-12T00:00:00", "db": "CERT/CC", "id": "VU#921193" }, { "date": "2006-01-13T00:00:00", "db": "CERT/CC", "id": "VU#629845" }, { "date": "2006-01-11T00:00:00", "db": "CERT/CC", "id": "VU#115729" }, { "date": "2006-01-13T00:00:00", "db": "CERT/CC", "id": "VU#150753" }, { "date": "2006-01-31T00:00:00", "db": "CERT/CC", "id": "VU#913449" }, { "date": "2018-10-19T00:00:00", "db": "VULHUB", "id": "VHN-15300" }, { "date": "2008-05-01T18:56:00", "db": "BID", "id": "16202" }, { "date": "2006-01-11T18:56:00", "db": "BID", "id": "15732" }, { "date": "2009-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2005-000858" }, { "date": "2012-12-26T00:00:00", "db": "CNNVD", "id": "CNNVD-200512-165" }, { "date": "2024-11-21T00:03:29.537000", "db": "NVD", "id": "CVE-2005-4092" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "43058" }, { "db": "PACKETSTORM", "id": "43059" }, { "db": "CNNVD", "id": "CNNVD-200512-165" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple QuickTime fails to properly handle corrupt media files", "sources": [ { "db": "CERT/CC", "id": "VU#921193" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "16202" }, { "db": "BID", "id": "15732" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.