Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Subscribe

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Vulnerability

Vigil@nce: QuickTime, several vulnerabilities

September 2008 by Vigil@nce

Several QuickTime vulnerabilities can lead to code execution.

 Gravity: 3/4
 Consequences: user access/rights
 Provenance: document
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Number of vulnerabilities in this bulletin: 9
 Creation date: 10/09/2008
 Identifier: VIGILANCE-VUL-8101

IMPACTED PRODUCTS

 Microsoft Windows - plateform
 Unix - plateform

DESCRIPTION

Several QuickTime vulnerabilities can lead to code execution.

An attacker can create an overflow in the Indeo v5 codec.
[grav:3/4; CVE-2008-3615]

An attacker can use QuickTimeInternetExtras.qtx to create an
overflow in the Indeo v3.2 codec. [grav:3/4; CVE-2008-3635,
ZDI-08-057]

An attacker can create a QTVR (QuickTime Virtual Reality) video
with invalid Panorama (PDAT) fields in order to create a buffer
overflow. [grav:3/4; CVE-2008-3624]

An attacker can create a QTVR (QuickTime Virtual Reality) video
with invalid Panorama (PDAT) maxTilt, minFieldOfView and
maxFieldOfView fields in order to create a buffer overflow.
[grav:3/4; CVE-2008-3625, ZDI-08-058]

An attacker can create a malicious PICT image creating an integer
overflow leading to code execution. [grav:3/4; CVE-2008-3614]

An attacker can create a video with a long STSZ field in order to
generate an overflow in CallComponentFunctionWithStorage().
[grav:1/4; CVE-2008-3626, ZDI-08-059]

An attacker can create a H.264 video with invalid AVC1/MDAT
fields, in order to generate an integer overflow. [grav:3/4;
CVE-2008-3627, ZDI-08-060, ZDI-08-061, ZDI-08-062]

An attacker can create a malicious PICT image using incorrectly a
pointer and leading to code execution. [grav:3/4; CVE-2008-3628]

An attacker can create a malicious PICT image reading at an
invalid memory address, which leads to a denial of service.
[grav:1/4; CVE-2008-3629]

CHARACTERISTICS

 Identifiers: BID-31086, CVE-2008-3614, CVE-2008-3615,
CVE-2008-3624, CVE-2008-3625, CVE-2008-3626, CVE-2008-3627,
CVE-2008-3628, CVE-2008-3629, CVE-2008-3635, HT3027,
VIGILANCE-VUL-8101, ZDI-08-057, ZDI-08-058, ZDI-08-059,
ZDI-08-060, ZDI-08-061, ZDI-08-062
 Url: https://vigilance.aql.fr/tree/1/8101


See previous articles

    

See next articles


Security Vulnerability

All our news in english

Alle unsere News auf deutsch

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

 
News Files Cyber Security Security Vulnerability Malware Update Diary Guide & Podcast TRAINING Jobs CONTACTS Contact About Mentions légales identifier ADMIN

Global Security Mag Copyright 2011