Vulnerabilities > CVE-2011-3248 - Numeric Errors vulnerability in Apple Quicktime
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id QUICKTIME_771.NASL description The version of QuickTime installed on the remote Windows host is older than 7.7.1 and may be affected by the following vulnerabilities : - A cross-site scripting issue exists in HTML files generated by the last seen 2020-06-01 modified 2020-06-02 plugin id 56667 published 2011-10-28 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56667 title QuickTime < 7.7.1 Multiple Vulnerabilities (Windows) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(56667); script_version("1.13"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id( "CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3228", "CVE-2011-3247", "CVE-2011-3248", "CVE-2011-3249", "CVE-2011-3250", "CVE-2011-3251" ); script_bugtraq_id( 50068, 50100, 50101, 50122, 50127, 50130, 50131, 50399, 50400, 50401, 50403, 50404 ); script_name(english:"QuickTime < 7.7.1 Multiple Vulnerabilities (Windows)"); script_summary(english:"Checks version of QuickTime on Windows"); script_set_attribute( attribute:"synopsis", value: "The remote Windows host contains an application that may be affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The version of QuickTime installed on the remote Windows host is older than 7.7.1 and may be affected by the following vulnerabilities : - A cross-site scripting issue exists in HTML files generated by the 'Save for Web' export feature. (CVE-2011-3218) - A buffer overflow error exists in the handling of H.264 encoded video files. (CVE-2011-3219) - An error exists in the processing of URL data handlers in movie files and can allow access to uninitialized areas of memory. (CVE-2011-3220) - An error exists in the handling of the 'atoms' hierarchy as well as 'TKHD atoms' in movie files. (CVE-2011-3221, CVE-2011-3251) - Buffer overflow errors exist in the processing of of FlashPix, FLIC, PICT and FLC-encoded files. (CVE-2011-3222, CVE-2011-3223, CVE-2011-3247, CVE-2011-3249) - An unspecified error can allow memory corruption when viewing certain video files. (CVE-2011-3228) - An error related to signedness exists in the handling of font tables in QuickTime video files. (CVE-2011-3248) - An integer overflow error exists in the handling of JPEG2000 encoded video files. (CVE-2011-3250)" ); script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-295/"); script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-11-303/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-311/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-312/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-313/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-314/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-315/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-316/"); script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-136/"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/523931/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT5016"); script_set_attribute(attribute:"solution", value:"Upgrade to QuickTime 7.7.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/27"); script_set_attribute(attribute:"patch_publication_date", value:"2011/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("quicktime_installed.nasl"); script_require_keys("SMB/QuickTime/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); kb_base = "SMB/QuickTime/"; version = get_kb_item_or_exit(kb_base+"Version"); version_ui = get_kb_item(kb_base+"Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui; fixed_version = "7.71.80.42"; fixed_version_ui = "7.7.1 (1680.42)"; if (ver_compare(ver:version, fix:fixed_version) == -1) { set_kb_item(name: 'www/0/XSS', value: TRUE); if (report_verbosity > 0) { path = get_kb_item(kb_base+"Path"); if (isnull(path)) path = 'n/a'; report = '\n Path : '+path+ '\n Installed version : '+version_report+ '\n Fixed version : '+fixed_version_ui+'\n'; security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); exit(0); } else exit(0, "The QuickTime "+version_report+" install on the host is not affected.");NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2012-001.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 57798 published 2012-02-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57798 title Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_3.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 57797 published 2012-02-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57797 title Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)
Oval
| accepted | 2013-07-29T04:00:28.873-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:16012 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-12-11T16:37:33.623-05:00 | ||||||||||||
| title | Integer signedness error in Apple QuickTime before 7.7.1 | ||||||||||||
| version | 7 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 50400 CVE ID: CVE-2011-3248 QuickTime是由苹果电脑所开发的一种多媒体架构,能够处理许多的数字视频、媒体段落、音效、文字、动画、音乐格式,以及交互式全景影像的数项类型。 Apple QuickTime 7.7.1之前版本在处理特制视频文件时存在签名问题导致的远程代码执行漏洞,攻击者可利用此漏洞以当前用户权限执行任意代码。 Apple QuickTime Player 7.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.apple.com/ |
| id | SSV:23144 |
| last seen | 2017-11-19 |
| modified | 2011-10-28 |
| published | 2011-10-28 |
| reporter | Root |
| title | Apple QuickTime 7.7.1之前版本视频文件处理远程代码执行漏洞 |
References
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://support.apple.com/kb/HT5016
- http://support.apple.com/kb/HT5130
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16012
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16012
- http://support.apple.com/kb/HT5130
- http://support.apple.com/kb/HT5016