Signature Detail
Short Name |
HTTP:STC:DL:MP4-FILE-BOF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
MP4 File Parsing Buffer Overflow |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: MP4 File Parsing Buffer Overflow
This signature detects attempts to exploit a known flaw in MP4 File Parsing. A successful attack can result in a denial-of-service condition.
Extended Description
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
Affected Products
- apple quicktime 5.0
- apple quicktime 5.0.1
- apple quicktime 5.0.2
- apple quicktime 6.0
- apple quicktime 6.1
- apple quicktime 6.5
- apple quicktime 6.5.1
- apple quicktime 6.5.2
- apple quicktime 6.5.2 (:mac_os_x_10.2)
- apple quicktime 6.5.2 (:mac_os_x_10.3)
- apple quicktime 7.0
- apple quicktime 7.0.1
- apple quicktime 7.0.1 (:mac_os_x_10.3)
- apple quicktime 7.0.1 (:mac_os_x_10.4)
- apple quicktime 7.0.1 (:windows)
- apple quicktime 7.0.2
- apple quicktime 7.0.2 (:windows)
- apple quicktime 7.0.3
- apple quicktime 7.0.4
- apple quicktime 7.0 (:windows)
- apple quicktime 7.1.1
- apple quicktime up to 7.1.2
References
- CVE: CVE-2006-4386
- CVE: CVE-2007-6401
- CVE: CVE-2007-6402