var-200609-0309
Vulnerability from variot
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-256A
Apple QuickTime Vulnerabilities
Original release date: September 13, 2006 Last revised: -- Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes.
II. For further information, please see the Vulnerability Notes.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.1.3. This and other updates for Mac OS X are available via Apple Update.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.1.3 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_713>
* About the security content of the QuickTime 7.1.3 Update -
<http://docs.info.apple.com/article.html?artnum=304357>
* Apple QuickTime 7.1.3 -
<http://www.apple.com/support/downloads/quicktime713.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-256A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-256A Feedback VU#540348" in the subject.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
September 13, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO 8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s FzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa m19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE pZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG R59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg== =nQVd -----END PGP SIGNATURE----- .
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA21893
VERIFY ADVISORY: http://secunia.com/advisories/21893/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
2) A boundary error within the processing of QuickTime movies can be exploited to cause a buffer overflow.
3) A boundary error within the processing of FLC movies can be exploited to cause a heap-based buffer overflow via a FLC movie with a specially crafted COLOR_64 chunk.
4) Errors within the processing of FlashPix files can be exploited to cause an integer overflow or buffer overflow.
5) An error within the processing of FlashPix files can be exploited to trigger an exception leaving an uninitialised object.
6) A boundary error within the processing of SGI images can be exploited to cause a buffer overflow.
SOLUTION: Update to version 7.1.3. http://www.apple.com/quicktime/download/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Sowhat of Nevis Labs, Mike Price of McAfee AVERT Labs, and Piotr Bania. 2) Mike Price of McAfee AVERT Labs. 3) Mike Price of McAfee AVERT Labs and Ruben Santamarta. 4) Mike Price of McAfee AVERT Labs. 5) Mike Price of McAfee AVERT Labs. 6) Mike Price of McAfee AVERT Labs
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=304357
iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=413
Reverse Mode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=25
Piotr Bania: http://pb.specialised.info/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.8,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "media-libs/win32codecs 20071007-r2",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
},
{
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sowhat smaillist@gmail.com Mike PricePiotr Bania bania.piotr@gmail.com Ruben Santamarta ruben@reversemode.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
}
],
"trust": 0.6
},
"cve": "CVE-2006-4381",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2006-4381",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-20489",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4381",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#489836",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308204",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#200316",
"trust": 0.8,
"value": "0.08"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#683700",
"trust": 0.8,
"value": "2.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#554252",
"trust": 0.8,
"value": "27.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#540348",
"trust": 0.8,
"value": "27.00"
},
{
"author": "NVD",
"id": "CVE-2006-4381",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-160",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20489",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20489"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
},
{
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. Apple QuickTime fails to properly handle SGI images. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-256A\n\n\nApple QuickTime Vulnerabilities\n\n Original release date: September 13, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Apple QuickTime on systems running\n\n * Apple Mac OS X\n * Microsoft Windows\n\n\nOverview\n\n Apple QuickTime contains multiple vulnerabilities. \n\n\nI. Since QuickTime configures most web browsers to\n handle QuickTime media files, an attacker could exploit these\n vulnerabilities using a web page. \n\n Note that QuickTime ships with Apple iTunes. \n\n For more information, please refer to the Vulnerability Notes. \n\n\nII. For further information, please see\n the Vulnerability Notes. \n\n\nIII. Solution\n\nUpgrade QuickTime\n\n Upgrade to QuickTime 7.1.3. This and other updates for Mac OS X are\n available via Apple Update. \n\nDisable QuickTime in your web browser\n\n An attacker may be able to exploit this vulnerability by persuading\n a user to access a specially crafted file with a web\n browser. Disabling QuickTime in your web browser will defend\n against this attack vector. For more information, refer to the\n Securing Your Web Browser document. \n\n\nReferences\n\n * Vulnerability Notes for QuickTime 7.1.3 -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=QuickTime_713\u003e\n\n * About the security content of the QuickTime 7.1.3 Update -\n \u003chttp://docs.info.apple.com/article.html?artnum=304357\u003e\n\n * Apple QuickTime 7.1.3 -\n \u003chttp://www.apple.com/support/downloads/quicktime713.html\u003e\n\n * Standalone Apple QuickTime Player -\n \u003chttp://www.apple.com/quicktime/download/standalone.html\u003e\n\n * Mac OS X: Updating your software -\n \u003chttp://docs.info.apple.com/article.html?artnum=106704\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-256A.html\u003e\n ____________________________________________________________________\n \n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-256A Feedback VU#540348\" in the\n subject. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n \n\n Revision History\n\n September 13, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRQg23exOF3G+ig+rAQK7LggAt0RUIz3jewgQYrRYp9bMDBkS61Bvh2OO\n8Gp2H472UXA0ucElK/1hAXtPXU2Pmf/EjrCqSImO+srV4i0x5QIFJDo41HtbDo9s\nFzQC/rmJ3YWl15L+uIjG0S1wxWwH5GyzQj4xaZCMdNLYEN7LVe31ETDsXJ3kEMMa\nm19M4GLOXAFfmjyGgky4Nux0RJU1UE/0w9pZESOXg+7WXFY8skOZ8YfqBvunjqtE\npZa3LWoOcDtP/ORoEn7GY83v/uQqkX8uoAxwe9nuGXbyssvj7BQxDPvnwSWrXzUG\nR59/r1NA4i/EtYNV1ONW2Pntqc5/vv0OGcs1JFM9tazV3aRbgHfCVg==\n=nQVd\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple QuickTime Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21893\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21893/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApple QuickTime 7.x\nhttp://secunia.com/product/5090/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple QuickTime, which\ncan be exploited by malicious people to compromise a user\u0027s system. \n\n2) A boundary error within the processing of QuickTime movies can be\nexploited to cause a buffer overflow. \n\n3) A boundary error within the processing of FLC movies can be\nexploited to cause a heap-based buffer overflow via a FLC movie with\na specially crafted COLOR_64 chunk. \n\n4) Errors within the processing of FlashPix files can be exploited to\ncause an integer overflow or buffer overflow. \n\n5) An error within the processing of FlashPix files can be exploited\nto trigger an exception leaving an uninitialised object. \n\n6) A boundary error within the processing of SGI images can be\nexploited to cause a buffer overflow. \n\nSOLUTION:\nUpdate to version 7.1.3. \nhttp://www.apple.com/quicktime/download/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Sowhat of Nevis Labs, Mike Price of McAfee AVERT Labs, and Piotr\nBania. \n2) Mike Price of McAfee AVERT Labs. \n3) Mike Price of McAfee AVERT Labs and Ruben Santamarta. \n4) Mike Price of McAfee AVERT Labs. \n5) Mike Price of McAfee AVERT Labs. \n6) Mike Price of McAfee AVERT Labs\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=304357\n\niDEFENSE:\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=413\n\nReverse Mode:\nhttp://www.reversemode.com/index.php?option=com_remository\u0026Itemid=2\u0026func=fileinfo\u0026id=25\n\nPiotr Bania:\nhttp://pb.specialised.info/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4381"
},
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "VULHUB",
"id": "VHN-20489"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "49979"
}
],
"trust": 6.48
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "21893",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2006-4381",
"trust": 2.8
},
{
"db": "BID",
"id": "19976",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1016830",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28774",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3577",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1551",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#308204",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#200316",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#683700",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#554252",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#540348",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA06-256A",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#489836",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001144",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-160",
"trust": 0.7
},
{
"db": "XF",
"id": "28928",
"trust": 0.6
},
{
"db": "XF",
"id": "264",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2006-09-12",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060912 APPLE QUICKTIME H.264 INTEGER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-20489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49979",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20489"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "49979"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
},
{
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"id": "VAR-200609-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20489"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:05:41.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2006-09-12",
"trust": 0.8,
"url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://docs.info.apple.com/article.html?artnum=304357"
},
{
"trust": 4.1,
"url": "http://secunia.com/advisories/21893/"
},
{
"trust": 3.2,
"url": "http://www.apple.com/support/downloads/quicktime713.html"
},
{
"trust": 3.2,
"url": "http://www.apple.com/quicktime/download/standalone.html"
},
{
"trust": 3.2,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2006/sep/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19976"
},
{
"trust": 1.7,
"url": "http://secway.org/advisory/ad20060912.txt"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28774"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21893"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1551"
},
{
"trust": 1.1,
"url": "http://piotrbania.com/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/445830/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28928"
},
{
"trust": 0.9,
"url": "http://www.apple.com/quicktime/download/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/before_you_plug_in.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4381"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4381"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/445830/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3577"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28928"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/200316"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/540348"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/554252"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/683700"
},
{
"trust": 0.3,
"url": "/archive/1/445830"
},
{
"trust": 0.3,
"url": "/archive/1/445831"
},
{
"trust": 0.3,
"url": "/archive/1/445888"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304357\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/quicktime713.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/standalone.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=quicktime_713\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-256a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=413"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://www.reversemode.com/index.php?option=com_remository\u0026itemid=2\u0026func=fileinfo\u0026id=25"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://pb.specialised.info/all/adv/quicktime-integer-overflow-h264-adv-7.1.txt"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20489"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "49979"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
},
{
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#489836"
},
{
"db": "CERT/CC",
"id": "VU#308204"
},
{
"db": "CERT/CC",
"id": "VU#200316"
},
{
"db": "CERT/CC",
"id": "VU#683700"
},
{
"db": "CERT/CC",
"id": "VU#554252"
},
{
"db": "CERT/CC",
"id": "VU#540348"
},
{
"db": "VULHUB",
"id": "VHN-20489"
},
{
"db": "BID",
"id": "19976"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"db": "PACKETSTORM",
"id": "50016"
},
{
"db": "PACKETSTORM",
"id": "49979"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
},
{
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-14T00:00:00",
"db": "CERT/CC",
"id": "VU#489836"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2006-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-20489"
},
{
"date": "2006-09-12T00:00:00",
"db": "BID",
"id": "19976"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"date": "2006-09-14T07:23:59",
"db": "PACKETSTORM",
"id": "50016"
},
{
"date": "2006-09-13T17:03:55",
"db": "PACKETSTORM",
"id": "49979"
},
{
"date": "2006-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-160"
},
{
"date": "2006-09-12T23:07:00",
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-14T00:00:00",
"db": "CERT/CC",
"id": "VU#489836"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#308204"
},
{
"date": "2006-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#200316"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#683700"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#554252"
},
{
"date": "2006-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#540348"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-20489"
},
{
"date": "2008-03-04T23:32:00",
"db": "BID",
"id": "19976"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001144"
},
{
"date": "2006-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-160"
},
{
"date": "2024-11-21T00:15:49.320000",
"db": "NVD",
"id": "CVE-2006-4381"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime fails to properly handle FLC movies",
"sources": [
{
"db": "CERT/CC",
"id": "VU#489836"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-160"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…