Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow

from [TSRT] Network Security [Permanent Link]
Subject: [Full-disclosure] TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability
Date: Thu, 10 May 2007 17:18:28 -0700 
TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-07-07
May 10, 2007

-- CVE ID:
CVE-2007-0754

-- Affected Vendor:
Apple

-- Affected Products:
QuickTime Player 7.x

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since January 31, 2006 by Digital Vaccine protection
filter ID 4109. For further product information on the TippingPoint IPS:

    http://www.tippingpoint.com 

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Apple Quicktime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within the parsing of malformed Sample Table
Sample Descriptor (STSD) atoms. Specifying a malicious atom size can
result in an under allocated heap chunk and subsequently an exploitable
heap corruption.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details
can be found at:

    http://docs.info.apple.com/article.html?artnum=304357

-- Disclosure Timeline:
2006.06.16 - Vulnerability reported to vendor
2006.01.31 - Digital Vaccine released to TippingPoint customers
2007.05.10 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Ganesh Devarajan,
TippingPoint DVLabs.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability, TSRT <=
Previous by Date:  Re: [Full-disclosure] Linux big bang theory...., KJKHyperion
Next by Date:  [Full-disclosure] ZDI-07-028: CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability, zdi-disclosures
Previous by Thread:  [Full-disclosure] iDefense Security Advisory 05.10.07: Apple Darwin Streaming Proxy Multiple Vulnerabilities, iDefense Labs
Next by Thread:  [Full-disclosure] ZDI-07-028: CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability, zdi-disclosures
Indexes:  [Date] [Thread] [Top] [All Lists]