CVE-2014-1245 - Numeric Errors vulnerability in Apple Quicktime
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | QUICKTIME_775.NASL |
description | The version of QuickTime installed on the remote Windows host is earlier than 7.7.5. It is, therefore, reportedly affected by the following vulnerabilities : - Out-of-bounds byte swapping issues exist in the handling of QuickTime image descriptions and |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72706 |
published | 2014-02-26 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72706 |
title | QuickTime < 7.7.5 Multiple Vulnerabilities (Windows) |
code |

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72706);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id(
    "CVE-2013-1032",
    "CVE-2014-1243",
    "CVE-2014-1244",
    "CVE-2014-1245",
    "CVE-2014-1246",
    "CVE-2014-1247",
    "CVE-2014-1248",
    "CVE-2014-1249",
    "CVE-2014-1250",
    "CVE-2014-1251"
  );
  script_bugtraq_id(62375, 65777, 65784, 65786, 65787);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-02-25-3");

  script_name(english:"QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)");
  script_summary(english:"Checks version of QuickTime on Windows");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host contains an application that may be affected
by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of QuickTime installed on the remote Windows host is
earlier than 7.7.5. It is, therefore, reportedly affected by the
following vulnerabilities :

  - Out-of-bounds byte swapping issues exist in the
    handling of QuickTime image descriptions and 'ttfo'
    elements. (CVE-2013-1032, CVE-2014-1250)

  - An uninitialized pointer issue exists in the handling
    of track lists. (CVE-2014-1243)

  - Buffer overflow vulnerabilities exist in the handling
    of H.264 encoded movie files, 'ftab' atoms, 'ldat'
    atoms, PSD images, and 'clef' atoms.
    (CVE-2014-1244, CVE-2014-1248, CVE-2014-1249,
    CVE-2014-1251)

  - A signedness issue exists in the handling of 'stsz'
    atoms. (CVE-2014-1245)

  - A memory corruption issue exists in the handling of
    'dref' atoms. (CVE-2014-1247)

Successful exploitation of these issues could result in program
termination or arbitrary code execution, subject to the user's
privileges."
  );
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-044/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-045/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-046/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-047/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-048/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-049/");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204527");
  script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/531268/30/0/threaded");
  script_set_attribute(attribute:"solution", value:"Upgrade to QuickTime 7.7.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("quicktime_installed.nasl");
  script_require_keys("SMB/QuickTime/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

kb_base = "SMB/QuickTime/";

version = get_kb_item_or_exit(kb_base+"Version");
path = get_kb_item_or_exit(kb_base+"Path");

version_ui = get_kb_item(kb_base+"Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

fixed_version = "7.75.80.95";
fixed_version_ui = "7.7.5 (1680.95.13)";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n Path : '+path+
      '\n Installed version : '+version_report+
      '\n Fixed version : '+fixed_version_ui+'\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
audit(AUDIT_INST_PATH_NOT_VULN, 'QuickTime Player', version_report, path);
```

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_9_2.NASL |
description | The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : Apache, ATS, Certificate Trust Policy, CoreAnimation, CoreText, curl, Data Security, Date and Time, File Bookmark, Finder, ImageIO, NVIDIA Drivers, PHP, QuickLook, QuickTime. Note that successful exploitation of the most serious issues could result in arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72687 |
published | 2014-02-25 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72687 |
title | Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2014-001.NASL |
description | The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : Apache, App Sandbox, ATS, Certificate Trust Policy, CFNetwork Cookies, CoreAnimation, Date and Time, File Bookmark, ImageIO, IOSerialFamily, LaunchServices, NVIDIA Drivers, PHP, QuickLook, QuickTime, Secure Transport. Note that successful exploitation of the most serious issues could result in arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72688 |
published | 2014-02-25 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72688 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST) |
Seebug
bulletinFamily | exploit |
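description | BUGTRAQ ID: 65777. CVE(CAN) ID: CVE-2014-1254, CVE-2014-1262, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1261, CVE-2014-1263, CVE-2014-1265, CVE-2014-1259, CVE-2014-1264, CVE-2014-1260, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1245. OS X (formerly Mac OS X) is the latest version of the proprietary operating system developed by Apple for Macintosh computers. Versions of OS X before 10.9.2 contain multiple implementation vulnerabilities affecting the ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Attackers can exploit these vulnerabilities to execute arbitrary code, gain unauthorized access, bypass security restrictions, and carry out other attacks. Affected: Apple Mac OS X < 10.9.2. Vendor patch: Apple. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.apple.com/support/downloads/ |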
id | SSV:61574 |
last seen | 2017-11-19 |
modified | 2014-02-26 |
published | 2014-02-26 |
reporter | Root |
title | Apple Mac OS X Multiple Security Vulnerabilities (APPLE-SA-2014-02-25-1) |