Advisory Details

May 11th, 2006

Apple QuickTime H.264 Parsing Buffer Overflow Vulnerability

ZDI-06-015
ZDI-CAN-033

CVE ID CVE-2006-1463
CVSS SCORE
AFFECTED VENDORS Apple
AFFECTED PRODUCTS Quicktime
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4183. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime media player.

The specific flaw exists within the parsing of H.264 content. The implicit trust of a user-supplied size value during a memory copy loop allows an attacker to create an exploitable memory corruption condition. Exploitation requires that an attacker either coerce the target to open a malformed media file or visit a website embedding the malicious file.

ADDITIONAL DETAILS Apple has issued an update to correct this vulnerability. More details can be found at:
http://www.apple.com/support/downloads/
DISCLOSURE TIMELINE
  • 2006-03-20 - Vulnerability reported to vendor
  • 2006-05-11 - Coordinated public release of advisory
CREDIT ATmaCA
BACK TO ADVISORIES