WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec

Apple Quicktime MOV Integer Overflow

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.


Description

This signature detects attempts to exploit a remote integer vulnerability affecting Apple QuickTime applications when processing a malicious .MOV file.


Additional Information

QuickTime Player is the media player distributed by Apple for QuickTime as well as other media files.

A remote integer overflow vulnerability affects Apple QuickTime. This issue is due to a failure of the application to properly validate integer signed-ness prior to using it to carry out critical operations.

This issue presents itself due to improper sign handling in an embedded 'Pascal' style string that results in an overly large memory copy when negative values are processed.

An attacker may leverage this issue to cause the affected QuickTime client to crash, denying service to legitimate users. It has been speculated that this issue may also facilitate code execution. Any code execution would occur with the privileges of the user that activated the affected software.

This issue affects both Microsoft Windows and Apple versions of QuickTime.


Affected:

Apple QuickTime Player 6, 5.0.2, 6.1, 6.5, 6.5.1, 6.5.2, 7.0, 7.0.1, 7.0.2


Response

Apple has released version 7.0.3 of QuickTime to address this and other issues. Users are encouraged to utilize the built-in 'Software Update' feature to download and install fixes. See the referenced Apple document for further information.

Apple QuickTime Player 6:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 5.0.2:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 6.1:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 6.5:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 6.5.1:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 6.5.2:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 7.0:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 7.0.1:
Apple Upgrade QuickTime 7.0.3

Apple QuickTime Player 7.0.2:
Apple Upgrade QuickTime 7.0.3


Possible False Positives

There are no known false positives associated with this signature.


Additional References

Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2008 Symantec Corporation