| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jan 2006 00:01:37 -0500 From: "Paul" <pvnick@...il.com> To: <secresearch@...tinet.com>, <full-disclosure@...ts.grok.org.uk>, <vulnwatch@...nwatch.org>, <bugtraq@...urityfocus.com>, <ntbugtraq@...ugtraq.com> Subject: RE: Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability Seems to be a lot of quicktime vuln advisories the past couple days. Coincidence? Paul Greyhats Security -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of secresearch@...tinet.com Sent: Thursday, January 12, 2006 6:41 PM To: full-disclosure@...ts.grok.org.uk; vulnwatch@...nwatch.org; bugtraq@...urityfocus.com; ntbugtraq@...ugtraq.com Subject: [Full-disclosure] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability Fortinet Security Advisory: FSA-2006-01 Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability Advisory Date : January 12, 2006 Reported Date : November 28, 2005 Vendor : Apple computers Affected Products : Apple QuickTime Player v7.0.3 Severity : High Reference : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3711 http://docs.info.apple.com/article.html?artnum=303101 http://www.securityfocus.com/bid/16202/info Description : Fortinet Security Research Team (FSRT) has discovered a Buffer Overflow Vulnerability in the Apple QuickTime Player. Apple QuickTime has buffer overflow vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripByteCounts while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it'll cause memory access violation, and leading to potential Arbitrary Command Execution. Impact : Execute arbitrary code Solution : Apple Computers has released a security update for this vulnerability, which is available for downloading from Apples's web site under security update. Fortinet Protection: Fortinet is protecting network from this vulnerability with latest IPS update. Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17/227 - Release Date: 1/11/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17/227 - Release Date: 1/11/2006 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists