Signature Detail
Short Name |
HTTP:STC:STREAM:QT-DESC-ATOM |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple QuickTime Image Descriptor Atom Parsing Memory Corruption |
Release Date |
2010/09/28 |
Update Number |
1780 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple QuickTime Image Descriptor Atom Parsing Memory Corruption
This signature detects attempts to exploit a known vulnerability against Apple QuickTime Player. A successful attack can lead to arbitrary code execution.
Extended Description
Apple QuickTime is prone to a memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.
Affected Products
- Apple QuickTime Player 7.0.0
- Apple QuickTime Player 7.0.1
- Apple QuickTime Player 7.0.2
- Apple QuickTime Player 7.0.3
- Apple QuickTime Player 7.0.4
- Apple QuickTime Player 7.1
- Apple QuickTime Player 7.1.1
- Apple QuickTime Player 7.1.2
- Apple QuickTime Player 7.1.3
- Apple QuickTime Player 7.1.4
- Apple QuickTime Player 7.1.5
- Apple QuickTime Player 7.1.6
- Apple QuickTime Player 7.2
- Apple QuickTime Player 7.3
References
- BugTraq: 27299
- CVE: CVE-2008-0033