
Test ID: 1.3.6.1.4.1.25623.1.0.901017
Category: Buffer overflow
Title: Apple QuickTime Multiple Vulnerabilities - Sep09
Summary: Check for the version of Apple QuickTime
Description:
Overview: The host is installed with Apple QuickTime and is prone to
multiple vulnerabilities.

Vulnerability Insight:
- A memory corruption issue exists when handling 'H.264' movie files.
- An error in the parsing of 'MPEG-4' video files causes a buffer
overflow.
- An integer overflow error occurs when processing the 'SectorShift' and
'cSectFat' fields of a FlashPix file header. This can be exploited to cause a
heap-based buffer overflow via a specially crafted FlashPix '.fpx' file.
- A boundary error exists when processing samples from an 'H.264' encoded MOV
file. This can be exploited to cause a heap-based buffer overflow via a
specially crafted 'MOV' file.

Impact:
Successful exploitation could allow attackers to execute arbitrary code in the
context of the affected application or cause a denial of service.

Impact Level: Application

Affected Software/OS:
Apple QuickTime before 7.6.4 on Windows.

Fix: Upgrade to Apple QuickTime version 7.6.4 or later:
http://www.apple.com/quicktime/download/

References:
http://support.apple.com/kb/HT3859
http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html
Cross-Ref: BugTraq ID: 36328
Common Vulnerability Exposure (CVE) ID: CVE-2009-2202
http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://www.securityfocus.com/bid/36328
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5467
http://www.vupen.com/english/advisories/2009/3184
XForce ISS Database: quicktime-h264movie-code-execution(53127)
http://xforce.iss.net/xforce/xfdb/53127
Common Vulnerability Exposure (CVE) ID: CVE-2009-2203
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5672
Common Vulnerability Exposure (CVE) ID: CVE-2009-2798
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6258
Common Vulnerability Exposure (CVE) ID: CVE-2009-2799
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6405
Copyright: Copyright (C) 2009 SecPod

© 1998-2014 E-Soft Inc. All rights reserved.