Signature Detail
Short Name |
HTTP:STC:STREAM:QT-IT-MEM |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple QuickTime and iTunes Heap Memory Corruption |
Release Date |
2010/09/28 |
Update Number |
1780 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple QuickTime and iTunes Heap Memory Corruption
This signature detects attempts to exploit a known vulnerability in Apple QuickTime and ITunes. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.
Extended Description
A heap-based buffer overflow vulnerability has been reported in Apple QuickTime and iTunes. This issue affects both Mac OS X and Microsoft Windows releases of the software. This issue may be triggered when the application processes a malformed movie (.MOV) file. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user. This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected.
Affected Products
- Apple iTunes 6.0.1
- Apple QuickTime Player 7.0.3
- Free-codecs.com QuickTime Alternative 1.67.0
References
- BugTraq: 15732
- CVE: CVE-2005-4092