Vigil@nce: QuickTime, several vulnerabilities
September 2008 by Vigil@nce
Several QuickTime vulnerabilities can lead to code execution.
– Gravity: 3/4
– Consequences: user access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 9
– Creation date: 10/09/2008
– Identifier: VIGILANCE-VUL-8101
IMPACTED PRODUCTS
– Microsoft Windows - plateform
– Unix - plateform
DESCRIPTION
Several QuickTime vulnerabilities can lead to code execution.
An attacker can create an overflow in the Indeo v5 codec.
[grav:3/4; CVE-2008-3615]
An attacker can use QuickTimeInternetExtras.qtx to create an
overflow in the Indeo v3.2 codec. [grav:3/4; CVE-2008-3635,
ZDI-08-057]
An attacker can create a QTVR (QuickTime Virtual Reality) video
with invalid Panorama (PDAT) fields in order to create a buffer
overflow. [grav:3/4; CVE-2008-3624]
An attacker can create a QTVR (QuickTime Virtual Reality) video
with invalid Panorama (PDAT) maxTilt, minFieldOfView and
maxFieldOfView fields in order to create a buffer overflow.
[grav:3/4; CVE-2008-3625, ZDI-08-058]
An attacker can create a malicious PICT image creating an integer
overflow leading to code execution. [grav:3/4; CVE-2008-3614]
An attacker can create a video with a long STSZ field in order to
generate an overflow in CallComponentFunctionWithStorage().
[grav:1/4; CVE-2008-3626, ZDI-08-059]
An attacker can create a H.264 video with invalid AVC1/MDAT
fields, in order to generate an integer overflow. [grav:3/4;
CVE-2008-3627, ZDI-08-060, ZDI-08-061, ZDI-08-062]
An attacker can create a malicious PICT image using incorrectly a
pointer and leading to code execution. [grav:3/4; CVE-2008-3628]
An attacker can create a malicious PICT image reading at an
invalid memory address, which leads to a denial of service.
[grav:1/4; CVE-2008-3629]
CHARACTERISTICS
– Identifiers: BID-31086, CVE-2008-3614, CVE-2008-3615,
CVE-2008-3624, CVE-2008-3625, CVE-2008-3626, CVE-2008-3627,
CVE-2008-3628, CVE-2008-3629, CVE-2008-3635, HT3027,
VIGILANCE-VUL-8101, ZDI-08-057, ZDI-08-058, ZDI-08-059,
ZDI-08-060, ZDI-08-061, ZDI-08-062
– Url: https://vigilance.aql.fr/tree/1/8101