Signature Detail

HTTP: Apple QuickTime Crafted HTTP Error Response Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Apple QuickTime Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.

Extended Description

Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer. Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. QuickTime 7.3.1.70 is vulnerable to this issue; other versions may also be affected. NOTE: Additional information from the reporter indicates this issue affects QuickTime running on the following platforms: Microsoft Windows XP, Windows Vista, and Apple Mac OS X.

Affected Products

• Apple QuickTime Player 7.0.0
• Apple QuickTime Player 7.0.1
• Apple QuickTime Player 7.0.2
• Apple QuickTime Player 7.0.3
• Apple QuickTime Player 7.0.4
• Apple QuickTime Player 7.1
• Apple QuickTime Player 7.1.1
• Apple QuickTime Player 7.1.2
• Apple QuickTime Player 7.1.3
• Apple QuickTime Player 7.1.4
• Apple QuickTime Player 7.1.5
• Apple QuickTime Player 7.1.6
• Apple QuickTime Player 7.2
• Apple QuickTime Player 7.3
• Apple QuickTime Player 7.3.1
• Apple QuickTime Player 7.3.1.70
• Apple QuickTime Player 7.4
• Apple TV 1.0
• Apple TV 1.1
• Apple TV 2.0

References

• BugTraq: 27225
• CVE: CVE-2008-0234