Copyright 2022 - CSIM - Asian Institute of Technology

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA07-005A -- Apple QuickTime RTSP Buffer Overflow
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Fri, 5 Jan 2007 16:49:56 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                        National Cyber Alert System

                 Technical Cyber Security Alert TA07-005A


Apple QuickTime RTSP Buffer Overflow

   Original release date: January 05, 2007
   Last revised: --
   Source: US-CERT


Systems Affected

   Apple QuickTime on systems running

     * Apple Mac OS X

     * Microsoft Windows

   Note that Apple iTunes and other software using the vulnerable
   QuickTime components are also affected.


Overview

   Apple QuickTime contains a buffer overflow in the handling of RTSP
   URLs. This can allow a remote attacker to execute arbitrary code on a
   vulnerable system.


I. Description

   A vulnerability exists in the way Apple QuickTime handles specially
   crafted Real Time Streaming Protocol (RTSP) URL strings. Public
   exploit code is available that demonstrates how opening a .QTL file
   triggers the buffer overflow. However, we have confirmed that other
   attack vectors for the vulnerability also exist.

   Possible attack vectors include

     * a web page that uses the QuickTime plug-in or ActiveX control

     * a web page that uses the rtsp:// protocol

     * a file that is associated with the QuickTime Player

   US-CERT is tracking this issue as VU#442497. This reference number
   corresponds to CVE-2007-0015.

   Note that this vulnerability affects QuickTime on Microsoft Windows
   and Apple Mac platforms. Although web pages can be used as attack
   vectors, this vulnerability is not dependent on the specific web
   browser that is used.


II. Impact

   By convincing a user to open specially crafted QuickTime content, a
   remote, unauthenticated attacker can execute arbitrary code on a
   vulnerable system.


III. Solution

   We are currently unaware of a solution to this problem. Until a
   solution becomes available, the workarounds provided in US-CERT
   Vulnerability Note VU#442497 are strongly encouraged.

   <http://www.kb.cert.org/vuls/id/442497>


IV. References

     * US-CERT Vulnerability Note VU#442497 -
       <http://www.kb.cert.org/vuls/id/442497>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/>

     * CVE-2007-0015 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-005A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <This email address is being protected from spambots. You need JavaScript enabled to view it.> with "TA07-005A Feedback VU#442497" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   January 05, 2007: Initial release





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRZ7D9OxOF3G+ig+rAQLG+Af/e+VhtMJEDuzVbT47HRdINgIRiOceCx4u
DZFbMaUvYu4hjGu9f+T6AaGWR9FQj1ZzWDYf/JHY67NCSkwJdFY4Th1vR09BXJGy
lmAzlj7+l3U4UeR+rEud0ajP8qCO7vwRGP4rPUVkcqgaBXqdyfgQbNHtwIpw6w/z
eFYyUp/2EA1vHeTGdPNAkQTupuC95kA0QsiONCVv9xTqg7xnlcXBTwKz+T/DcWig
LDLgPMupim8+ruhkzCCOVveIFQPBdXN5Aem/Fvpmhi2V5HRBc65vKaDoLzBpt4BZ
Wdbeud6ljPjm0JLPvy84Gn7qFcjCu3WP3Nayd7rhbClFZSWyGilM+Q==
=RrHt
-----END PGP SIGNATURE-----
Powered by: MHonArc

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology