
Test ID:1.3.6.1.4.1.25623.1.0.900121
Category:General
Title:Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
Summary:This host has Apple QuickTime installed, which is prone to multiple vulnerabilities.
Description:
Summary:
This host has Apple QuickTime installed, which is prone to multiple
vulnerabilities.

Vulnerability Insight:
The flaws exist due to:

- an uninitialized memory access in the Indeo v5 codec and lack of
proper bounds checking within the QuickTimeInternetExtras.qtx file.

- improper handling of panorama atoms in QTVR movie files.

- improper handling of maxTilt, minFieldOfView and maxFieldOfView
parameters in panorama track PDAT atoms.

- an uninitialized memory access in the third-party Indeo v5 codec.

- an invalid pointer in handling of PICT images.

- memory corruption in handling of STSZ atoms in movie files within
the CallComponentFunctionWithStorage() function.

- multiple memory corruption issues in H.264 encoded movie files.

- parsing of movie video files in QuickTimeH264.scalar and MP4 video
files in QuickTimeH264.qtx.

Vulnerability Impact:
Successful exploitation could allow remote attackers to gain
unauthorized access, execute arbitrary code and trigger a denial of service condition.

Affected Software/OS:
Apple QuickTime versions prior to 7.5.5 on Windows (all).

Solution:
Upgrade to version 7.5.5.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 31086
Common Vulnerability Exposure (CVE) ID: CVE-2008-3615
http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
http://www.securityfocus.com/bid/31086
Bugtraq: 20080915 Critical Vulnerability in Apple Quicktime's Indeo Codec (Google Search)
http://www.securityfocus.com/archive/1/496358/100/0/threaded
http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/
http://securitytracker.com/id?1020841
http://secunia.com/advisories/31821
http://www.vupen.com/english/advisories/2008/2527
Common Vulnerability Exposure (CVE) ID: CVE-2008-3635
Bugtraq: 20080909 ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496201/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-057/
Common Vulnerability Exposure (CVE) ID: CVE-2008-3624
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16124
Common Vulnerability Exposure (CVE) ID: CVE-2008-3625
Bugtraq: 20080909 ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496161/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-058/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935
Common Vulnerability Exposure (CVE) ID: CVE-2008-3614
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Cert/CC Advisory: TA08-260A
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15851
http://www.securitytracker.com/id?1020879
http://secunia.com/advisories/31882
http://www.vupen.com/english/advisories/2008/2584
Common Vulnerability Exposure (CVE) ID: CVE-2008-3626
http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html
BugTraq ID: 31546
http://www.securityfocus.com/bid/31546
Bugtraq: 20080909 ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=122099929821288&w=2
http://www.zerodayinitiative.com/advisories/ZDI-08-059/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16152
http://secunia.com/advisories/32121
http://www.vupen.com/english/advisories/2008/2735
Common Vulnerability Exposure (CVE) ID: CVE-2008-3627
Bugtraq: 20080909 ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496163/100/0/threaded
Bugtraq: 20080909 ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496175/100/0/threaded
Bugtraq: 20080909 ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496176/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-060/
http://www.zerodayinitiative.com/advisories/ZDI-08-061/
http://www.zerodayinitiative.com/advisories/ZDI-08-062/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16164
Common Vulnerability Exposure (CVE) ID: CVE-2008-3628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15841
Common Vulnerability Exposure (CVE) ID: CVE-2008-3629
BugTraq ID: 31548
http://www.securityfocus.com/bid/31548
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16019
Copyright:Copyright (C) 2008 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.