Signature Detail
Short Name |
HTTP:APPLE-QT-TTD-BO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple Quicktime Text Track Descriptors Heap Buffer Overflow |
Release Date |
2013/08/22 |
Update Number |
2292 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple Quicktime Text Track Descriptors Heap Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Apple Quicktime. The vulnerability is due to improper validation on parameter lengths of Text Track Descriptors. The overly long parameter can be copied by the vulnerable code into a fixed length heap buffer. This vulnerability can be exploited by a remote attacker by enticing the target user to open a specially crafted text track or movie file with the affected application. Successful exploitation could result in arbitrary code injection and execution in the context of the currently logged-in user.
Extended Description
Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.
Affected Products
- apple quicktime 3.0
- apple quicktime 4.1.2
- apple quicktime 5.0
- apple quicktime 5.0.1
- apple quicktime 5.0.2
- apple quicktime 6.0
- apple quicktime 6.0.0
- apple quicktime 6.0.1
- apple quicktime 6.0.2
- apple quicktime 6.1
- apple quicktime 6.1.0
- apple quicktime 6.1.1
- apple quicktime 6.2.0
- apple quicktime 6.3.0
- apple quicktime 6.4.0
- apple quicktime 6.5
- apple quicktime 6.5.0
- apple quicktime 6.5.1
- apple quicktime 6.5.2
- apple quicktime 7.0
- apple quicktime 7.0.0
- apple quicktime 7.0.1
- apple quicktime 7.0.2
- apple quicktime 7.0.3
- apple quicktime 7.0.4
- apple quicktime 7.1
- apple quicktime 7.1.0
- apple quicktime 7.1.1
- apple quicktime 7.1.2
- apple quicktime 7.1.3
- apple quicktime 7.1.4
- apple quicktime 7.1.5
- apple quicktime 7.1.6
- apple quicktime 7.2
- apple quicktime 7.2.0
- apple quicktime 7.2.1
- apple quicktime 7.3
- apple quicktime 7.3.0
- apple quicktime 7.3.1
- apple quicktime 7.3.1.70
- apple quicktime 7.4
- apple quicktime 7.4.0
- apple quicktime 7.4.1
- apple quicktime 7.4.5
- apple quicktime 7.5.0
- apple quicktime 7.5.5
- apple quicktime 7.6.0
- apple quicktime 7.60.92.0
- apple quicktime 7.6.1
- apple quicktime 7.6.2
- apple quicktime 7.62.14.0
- apple quicktime 7.64.17.73
- apple quicktime 7.6.5
- apple quicktime 7.65.17.80
- apple quicktime 7.6.6
- apple quicktime 7.66.71.0
- apple quicktime 7.6.7
- apple quicktime 7.67.75.0
- apple quicktime 7.6.8
- apple quicktime 7.68.75.0
- apple quicktime 7.6.9
- apple quicktime 7.69.80.9
- apple quicktime 7.7.0
- apple quicktime up to 7.7.1
References
- CVE: CVE-2012-0664