Alias(es)Apple.QuickTime.StripByteCounts.Buffer.Overflow, Apple.QuickTime.StripOffsets.Improper.Memory.Access, Apple.Quicktime.ImageWidth.DoS |
Release DateJan 16, 2006 |
Severitylow |
ImpactSystem compromise. |
DescriptionA vulnerability in Apple QuickTime may allow system compromise. The vulnerability is due to a boundry condition error when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. An integer overflow allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Successful exploitation may allow a remote attacker to trigger a denial of service condition or gain unauthorized access. |
Affected ProductsApple QuickTime Player 7.0.3Apple QuickTime Player 7.0.2 Apple QuickTime Player 7.0.1 Apple QuickTime Player 7.0 |
Recommended ActionsApple has released advisory APPLE-SA-2006-01-10 including QuickTime 7.0.4 to address these issues. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-3710CVE-2005-3711 |
Reference/shttp://docs.info.apple.com/article.html?artnum=303101http://www.securityfocus.com/bid/16202 (BugTraq) |
