Signature Detail

HTTP: Apple Quicktime MJPEG Frame stsd Atom Heap Overflow

This signature detects attempts to exploit a known vulnerability in the Apple Quicktime MJPEG Frame. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Extended Description

Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.

Affected Products

• apple quicktime 3.0
• apple quicktime 4.1.2
• apple quicktime 5.0
• apple quicktime 5.0.1
• apple quicktime 5.0.2
• apple quicktime 6.0
• apple quicktime 6.0.0
• apple quicktime 6.0.1
• apple quicktime 6.0.2
• apple quicktime 6.1
• apple quicktime 6.1.0
• apple quicktime 6.1.1
• apple quicktime 6.2.0
• apple quicktime 6.3.0
• apple quicktime 6.4.0
• apple quicktime 6.5
• apple quicktime 6.5.0
• apple quicktime 6.5.1
• apple quicktime 6.5.2
• apple quicktime 7.0.0
• apple quicktime 7.0.1
• apple quicktime 7.0.2
• apple quicktime 7.0.3
• apple quicktime 7.0.4
• apple quicktime 7.1.0
• apple quicktime 7.1.1
• apple quicktime 7.1.2
• apple quicktime 7.1.3
• apple quicktime 7.1.4
• apple quicktime 7.1.5
• apple quicktime 7.1.6
• apple quicktime 7.2.0
• apple quicktime 7.2.1
• apple quicktime 7.3.0
• apple quicktime 7.3.1
• apple quicktime 7.4.0
• apple quicktime 7.4.1
• apple quicktime 7.4.5
• apple quicktime 7.5.0
• apple quicktime 7.5.5
• apple quicktime 7.6.0
• apple quicktime 7.6.1
• apple quicktime 7.6.2
• apple quicktime 7.6.5
• apple quicktime 7.6.6
• apple quicktime 7.6.7
• apple quicktime 7.6.8
• apple quicktime 7.6.9
• apple quicktime 7.7.0
• apple quicktime 7.7.1
• apple quicktime 7.7.2
• apple quicktime up to 7.7.3

References

• BugTraq: 60108
• CVE: CVE-2013-1020