CVE-2011-0256 - Numeric Errors vulnerability in Apple Quicktime

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, apple, CWE-189, critical, nessus

Summary

Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_QUICKTIME77.NASL
    description: The version of QuickTime installed on the remote Mac OS X host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55763
    published: 2011-08-04
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/55763
    title: QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(55763);
      script_version("1.19");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2011-0186",
        "CVE-2011-0187",
        "CVE-2011-0209",
        "CVE-2011-0210",
        "CVE-2011-0211",
        "CVE-2011-0213",
        "CVE-2011-0245",
        "CVE-2011-0249",
        "CVE-2011-0250",
        "CVE-2011-0251",
        "CVE-2011-0252",
        "CVE-2011-0256",
        "CVE-2011-0257"
      );
      script_bugtraq_id(
        46992,
        46995,
        48419,
        48420,
        48430,
        48442,
        49028,
        49034,
        49035,
        49036,
        49038,
        49144,
        49170
      );
    
      script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of QuickTime on Mac OS X");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mac OS X host contains an application that may be affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of QuickTime installed on the remote Mac OS X host is
    older than 7.7.  As such, it reportedly may be affected by the
    following vulnerabilities :
    
      - A buffer overflow in QuickTime's handling of pict files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0245)
    
      - A buffer overflow in QuickTime's handling of JPEG2000
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0186)
    
      - A cross-origin issue in QuickTime plug-in's handling of
        cross-site redirects may lead to disclosure of video
        data from another site. (CVE-2011-0187)
    
      - An integer overflow in QuickTime's handling of RIFF WAV
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0209)
    
      - A memory corruption issue in QuickTime's handling of
        sample tables in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0210)
    
      - An integer overflow in QuickTime's handling of audio
        channels in movie files may lead to an application
        crash or arbitrary code execution. (CVE-2011-0211)
    
      - A buffer overflow in QuickTime's handling of JPEG files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0213)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSC atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0249)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0250)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSZ atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0251)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STTS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0252)
    
      - A stack-based buffer overflow in QuickTime's handling of
        PICT files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0257)
    
      - An integer overflow in QuickTime's handling of track run
        atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0256)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT4826"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to QuickTime 7.7 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_Quicktime652.nasl", "ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/QuickTime/Version");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    
    
    # Mac OS X 10.5 only.
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) exit(0, "The host does not appear to be running Mac OS X.");
    if (!ereg(pattern:"Mac OS X 10\.5([^0-9]|$)", string:os)) 
      exit(0, "The host is running "+os+" and therefore is not affected.");
    
    
    version = get_kb_item_or_exit("MacOSX/QuickTime/Version");
    fixed_version = "7.7";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report = 
          '\n  Installed version : ' + version + 
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else exit(0, "The remote host is not affected since QuickTime "+version+" is installed.");
    
  • NASL family: Windows
    NASL id: QUICKTIME_77.NASL
    description: The version of QuickTime installed on the remote Windows host is older than 7.7. As such, it reportedly may be affected by the following vulnerabilities : - A buffer overflow in QuickTime
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55764
    published: 2011-08-04
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/55764
    title: QuickTime < 7.7 Multiple Vulnerabilities (Windows)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(55764);
      script_version("1.24");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id(
        "CVE-2011-0186",
        "CVE-2011-0187",
        "CVE-2011-0209",
        "CVE-2011-0210",
        "CVE-2011-0211",
        "CVE-2011-0213",
        "CVE-2011-0245",
        "CVE-2011-0246",
        "CVE-2011-0247",
        "CVE-2011-0248",
        "CVE-2011-0249",
        "CVE-2011-0250",
        "CVE-2011-0251",
        "CVE-2011-0252",
        "CVE-2011-0256",
        "CVE-2011-0257",
        "CVE-2011-0258"
      );
      script_bugtraq_id(
        46992,
        46995,
        48419,
        48420,
        48430,
        48442,
        49028,
        49029,
        49030,
        49031,
        49034,
        49035,
        49036,
        49038,
        49144,
        49170,
        49396
      );
    
      script_name(english:"QuickTime < 7.7 Multiple Vulnerabilities (Windows)");
      script_summary(english:"Checks version of QuickTime on Windows");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains an application that may be
    affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of QuickTime installed on the remote Windows host is
    older than 7.7.  As such, it reportedly may be affected by the
    following vulnerabilities :
    
      - A buffer overflow in QuickTime's handling of pict files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0245)
    
      - A buffer overflow in QuickTime's handling of JPEG2000
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0186)
    
      - A cross-origin issue in QuickTime plug-in's handling of
        cross-site redirects may lead to disclosure of video
        data from another site. (CVE-2011-0187)
    
      - An integer overflow in QuickTime's handling of RIFF WAV
        files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0209)
    
      - A memory corruption issue in QuickTime's handling of
        sample tables in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0210)
    
      - An integer overflow in QuickTime's handling of audio
        channels in movie files may lead to an application
        crash or arbitrary code execution. (CVE-2011-0211)
    
      - A buffer overflow in QuickTime's handling of JPEG files
        may lead to an application crash or arbitrary code
        execution. (CVE-2011-0213)
    
      - A heap-based buffer overflow in QuickTime's handling of
        GIF files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0246)
    
      - Multiple stack-based buffer overflows in QuickTime's
        handling of H.264 encoded movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0247)
    
      - A stack-based buffer overflow in the QuickTime ActiveX's
        handling of QTL files may lead to an application crash
        or arbitrary code execution. (CVE-2011-0248)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSC atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0249)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0250)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STSZ atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0251)
    
      - A heap-based buffer overflow in QuickTime's handling of
        STTS atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0252)
    
      - A stack-based buffer overflow in QuickTime's handling of
        PICT files may lead to an application crash or arbitrary
        code execution. (CVE-2011-0257)
    
      - An integer overflow in QuickTime's handling of track run
        atoms in QuickTime movie files may lead to an
        application crash or arbitrary code execution.
        (CVE-2011-0256)
    
      - Memory corruption in Quicktime's handling of mp4v codec
        information. (CVE-2011-0258)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-254/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zerodayinitiative.com/advisories/ZDI-11-255/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zerodayinitiative.com/advisories/ZDI-11-256/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-257/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-258/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.zerodayinitiative.com/advisories/ZDI-11-259/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zerodayinitiative.com/advisories/ZDI-11-277/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT4826"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to QuickTime 7.7 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apple QuickTime PICT PnSize Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("quicktime_installed.nasl");
      script_require_keys("SMB/QuickTime/Version");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    kb_base = "SMB/QuickTime/";
    
    version = get_kb_item_or_exit(kb_base+"Version");
    version_ui = get_kb_item(kb_base+"Version_UI");
    
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui;
    
    fixed_version = "7.70.80.34";
    fixed_version_ui = "7.7 (1680.34)";
    
    if (ver_compare(ver:version, fix:fixed_version) == -1)
    {
      if (report_verbosity > 0)
      {
        path = get_kb_item(kb_base+"Path");
        if (isnull(path)) path = 'n/a';
    
        report =
          '\n  Path              : '+path+
          '\n  Installed version : '+version_report+
          '\n  Fixed version     : '+fixed_version_ui+'\n';
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    else exit(0, "The host is not affected since QuickTime "+version_report+" is installed.");
    

Oval

accepted: 2013-07-29T04:00:31.858-04:00
class: vulnerability
contributors:
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
definition_extensions:
    comment: Apple QuickTime is installed
    oval: oval:org.mitre.oval:def:12443
description: Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.
family: windows
id: oval:org.mitre.oval:def:16097
status: accepted
submitted: 2012-12-11T16:37:33.623-05:00
title: Integer overflow in Apple QuickTime before 7.7 via crafted track run atoms in a QuickTime movie file
version: 7

Seebug

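bulletinFamily: exploit
description: BUGTRAQ ID: 49170 CVE ID: CVE-2011-0256 QuickTime is a multimedia framework developed by Apple Computer that can handle many digital video formats, media clips, sound, text, animation and music formats, as well as several types of interactive panoramic imagery. Apple Mac OS X Quicktime has an integer overflow vulnerability in its implementation; a remote attacker can exploit it to execute arbitrary code in the affected application, and it may cause a denial of service. The vulnerability stems from the way Quicktime handles trun elements. Quicktime uses user-supplied data in the sampleCount field to calculate a buffer size. An integer overflow can result in a smaller memory buffer being allocated. When Quicktime writes to this buffer, memory corruption can occur, leading to remote code execution with the privileges of the current user. Apple MacOS X Server 10.6.x Apple QuickTime Player 7.x Vendor patch: Apple ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://support.apple.com/
id: SSV:20868
last seen: 2017-11-19
modified: 2011-08-18
published: 2011-08-18
reporter: Root
title: Apple Mac OS X Quicktime Integer Overflow Vulnerability (CVE-2011-0256)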