CVE-2011-0256 - Numeric Errors vulnerability in Apple Quicktime
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_QUICKTIME77.NASL |
description | The version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55763 |
published | 2011-08-04 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/55763 |
title | QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X) |
code |

#
# (C) Tenable Network Security, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(55763);
  script_version("1.19");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  script_cve_id(
    "CVE-2011-0186",
    "CVE-2011-0187",
    "CVE-2011-0209",
    "CVE-2011-0210",
    "CVE-2011-0211",
    "CVE-2011-0213",
    "CVE-2011-0245",
    "CVE-2011-0249",
    "CVE-2011-0250",
    "CVE-2011-0251",
    "CVE-2011-0252",
    "CVE-2011-0256",
    "CVE-2011-0257"
  );
  script_bugtraq_id(
    46992,
    46995,
    48419,
    48420,
    48430,
    48442,
    49028,
    49034,
    49035,
    49036,
    49038,
    49144,
    49170
  );

  script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of QuickTime on Mac OS X");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mac OS X host contains an application that may be affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities :

  - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245)

  - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186)

  - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187)

  - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209)

  - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210)

  - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211)

  - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213)

  - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249)

  - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250)

  - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251)

  - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252)

  - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257)

  - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4826"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to QuickTime 7.7 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("macosx_Quicktime652.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/QuickTime/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");

# Mac OS X 10.5 only.
os = get_kb_item("Host/MacOSX/Version");
if (!os) exit(0, "The host does not appear to be running Mac OS X.");
if (!ereg(pattern:"Mac OS X 10\.5([^0-9]|$)", string:os)) exit(0, "The host is running "+os+" and therefore is not affected.");

version = get_kb_item_or_exit("MacOSX/QuickTime/Version");
fixed_version = "7.7";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed_version + '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else exit(0, "The remote host is not affected since QuickTime "+version+" is installed.");

NASL family | Windows |
NASL id | QUICKTIME_77.NASL |
description | The version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55764 |
published | 2011-08-04 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/55764 |
title | QuickTime < 7.7 Multiple Vulnerabilities (Windows) |
code |

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55764);
  script_version("1.24");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id(
    "CVE-2011-0186",
    "CVE-2011-0187",
    "CVE-2011-0209",
    "CVE-2011-0210",
    "CVE-2011-0211",
    "CVE-2011-0213",
    "CVE-2011-0245",
    "CVE-2011-0246",
    "CVE-2011-0247",
    "CVE-2011-0248",
    "CVE-2011-0249",
    "CVE-2011-0250",
    "CVE-2011-0251",
    "CVE-2011-0252",
    "CVE-2011-0256",
    "CVE-2011-0257",
    "CVE-2011-0258"
  );
  script_bugtraq_id(
    46992,
    46995,
    48419,
    48420,
    48430,
    48442,
    49028,
    49029,
    49030,
    49031,
    49034,
    49035,
    49036,
    49038,
    49144,
    49170,
    49396
  );

  script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Windows)");
  script_summary(english:"Checks version of QuickTime on Windows");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host contains an application that may be affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities :

  - A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245)

  - A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186)

  - A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187)

  - An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209)

  - A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210)

  - An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211)

  - A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213)

  - A heap-based buffer overflow in QuickTime's handling of GIF files may lead to an application crash or arbitrary code execution. (CVE-2011-0246)

  - Multiple stack-based buffer overflows in QuickTime's handling of H.264 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0247)

  - A stack-based buffer overflow in the QuickTime ActiveX's handling of QTL files may lead to an application crash or arbitrary code execution. (CVE-2011-0248)

  - A heap-based buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249)

  - A heap-based buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250)

  - A heap-based buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251)

  - A heap-based buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252)

  - A stack-based buffer overflow in QuickTime's handling of PICT files may lead to an application crash or arbitrary code execution. (CVE-2011-0257)

  - An integer overflow in QuickTime's handling of track run atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0256)

  - Memory corruption in Quicktime's handling of mp4v codec information. (CVE-2011-0258)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.zerodayinitiative.com/advisories/ZDI-11-255/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.zerodayinitiative.com/advisories/ZDI-11-256/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.zerodayinitiative.com/advisories/ZDI-11-277/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4826"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to QuickTime 7.7 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("quicktime_installed.nasl");
  script_require_keys("SMB/QuickTime/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

kb_base = "SMB/QuickTime/";

version = get_kb_item_or_exit(kb_base+"Version");
version_ui = get_kb_item(kb_base+"Version_UI");

if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

fixed_version = "7.70.80.34";
fixed_version_ui = "7.7 (1680.34)";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  if (report_verbosity > 0)
  {
    path = get_kb_item(kb_base+"Path");
    if (isnull(path)) path = 'n/a';

    report =
      '\n Path : '+path+
      '\n Installed version : '+version_report+
      '\n Fixed version : '+fixed_version_ui+'\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The host is not affected since QuickTime "+version_report+" is installed.");

Oval
accepted | 2013-07-29T04:00:31.858-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file. |
family | windows |
id | oval:org.mitre.oval:def:16097 |
status | accepted |
submitted | 2012-12-11T16:37:33.623-05:00 |
title | Integer overflow in Apple QuickTime before 7.7 via crafted track run atoms in a QuickTime movie file |
version | 7 |
Seebug
bulletinFamily | exploit |
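description | BUGTRAQ ID: 49170 CVE ID: CVE-2011-0256 QuickTime is a multimedia framework developed by Apple Computer that can handle many formats of digital video, media clips, sound, text, animation and music, as well as several types of interactive panoramic images. Apple Mac OS X Quicktime has an integer overflow vulnerability in its implementation; a remote attacker can exploit it to execute arbitrary code in the affected application, possibly causing a denial of service. The vulnerability stems from the way Quicktime handles trun elements. Quicktime uses user-supplied data in the sampleCount field to calculate a buffer size. An integer overflow can cause an undersized memory buffer to be allocated. When Quicktime writes to this buffer, memory corruption can result, leading to remote code execution with the privileges of the current user. Apple MacOS X Server 10.6.x Apple QuickTime Player 7.x Vendor patch: Apple ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://support.apple.com/ |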
id | SSV:20868 |
last seen | 2017-11-19 |
modified | 2011-08-18 |
published | 2011-08-18 |
reporter | Root |
title | Apple Mac OS X Quicktime Integer Overflow Vulnerability (CVE-2011-0256) |