1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP QuickTime UDTA Atom Integer BO

HTTP QuickTime UDTA Atom Integer BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit buffer overflow by sending crafted QuickTime movie file.

Additional Information

QuickTime Player is the media player distributed by Apple for QuickTime as well as other media files.

Multiple integer overflow and buffer overflow vulnerabilities affect QuickTime. These issues affect both Mac OS X and Microsoft Windows releases of the software.

Integer overflows can occur when a vulnerable application is used to view malicious JPEG images, QuickTime movies, H.264 movies, or FlashPix images.

Buffer overflows can occur when a vulnerable application is used to view malicious QuickTime movies, Flash movies, H.264 movies, MPEG4 movies, AVI movies, FPX files, or BMP images.

Malformed font information in a malicious PICT file can cause a stack-based overflow in QuickDraw.

Malformed image data in a malicious PICT file can cause a heap overflow in QuickDraw.

Successful exploits will result in execution of arbitrary code in the context of the currently logged in user. Failed exploit attempts will likely result in denial-of-service conditions.

Affected

  • Apple QuickTime Player 6, 6.1, 6.5, 6.5.1, 6.5.2, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.1

Response

The vendor has released QuickTime version 7.1 to address these issues.


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube