CVE-2014-1245 - Numeric Errors vulnerability in Apple Quicktime

CVSS 9.3 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: COMPLETE
  • Integrity impact: COMPLETE
  • Availability impact: COMPLETE

Tags: network, apple, CWE-189, critical, nessus

Summary

Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.

Vulnerable Configurations

Part         Description  Count
Application  Apple        137

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Windows
    NASL id: QUICKTIME_775.NASL
    description: The version of QuickTime installed on the remote Windows host is earlier than 7.7.5. It is, therefore, reportedly affected by the following vulnerabilities : - Out-of-bounds byte swapping issues exist in the handling of QuickTime image descriptions and
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72706
    published: 2014-02-26
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72706
    title: QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(72706);
      script_version("1.8");
      script_cvs_date("Date: 2018/11/15 20:50:28");
    
      script_cve_id(
        "CVE-2013-1032",
        "CVE-2014-1243",
        "CVE-2014-1244",
        "CVE-2014-1245",
        "CVE-2014-1246",
        "CVE-2014-1247",
        "CVE-2014-1248",
        "CVE-2014-1249",
        "CVE-2014-1250",
        "CVE-2014-1251"
      );
      script_bugtraq_id(62375, 65777, 65784, 65786, 65787);
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-02-25-3");
    
      script_name(english:"QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)");
      script_summary(english:"Checks version of QuickTime on Windows");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains an application that may be affected
    by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of QuickTime installed on the remote Windows host is
    earlier than 7.7.5.  It is, therefore, reportedly affected by the
    following vulnerabilities :
    
      - Out-of-bounds byte swapping issues exist in the
        handling of QuickTime image descriptions and 'ttfo'
        elements. (CVE-2013-1032, CVE-2014-1250)
    
      - An uninitialized pointer issue exists in the handling of
        track lists.  (CVE-2014-1243)
    
      - Buffer overflow vulnerabilities exist in the handling of
        H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms,
        PSD images, and 'clef' atoms. (CVE-2014-1244,
        CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)
    
      - A signedness issue exists in the handling of 'stsz'
        atoms. (CVE-2014-1245)
    
      - A memory corruption issue exists in the handling of
        'dref' atoms. (CVE-2014-1247)
    
    Successful exploitation of these issues could result in program
    termination or arbitrary code execution, subject to the user's
    privileges."
      );
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-044/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-045/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-046/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-047/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-048/");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-049/");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204527");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/531268/30/0/threaded");
      script_set_attribute(attribute:"solution", value:"Upgrade to QuickTime 7.7.5 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("quicktime_installed.nasl");
      script_require_keys("SMB/QuickTime/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    kb_base = "SMB/QuickTime/";
    
    version = get_kb_item_or_exit(kb_base+"Version");
    path = get_kb_item_or_exit(kb_base+"Path");
    
    version_ui = get_kb_item(kb_base+"Version_UI");
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui;
    
    fixed_version = "7.75.80.95";
    fixed_version_ui = "7.7.5 (1680.95.13)";
    
    if (ver_compare(ver:version, fix:fixed_version) == -1)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : '+path+
          '\n  Installed version : '+version_report+
          '\n  Fixed version     : '+fixed_version_ui+'\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    audit(AUDIT_INST_PATH_NOT_VULN, 'QuickTime Player', version_report, path);
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_9_2.NASL
    description: The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72687
    published: 2014-02-25
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72687
    title: Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2014-001.NASL
    description: The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date and Time - File Bookmark - ImageIO - IOSerialFamily - LaunchServices - NVIDIA Drivers - PHP - QuickLook - QuickTime - Secure Transport Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72688
    published: 2014-02-25
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72688
    title: Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)

Seebug

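bulletinFamily: exploit
description: BUGTRAQ ID: 65777 CVE(CAN) ID: CVE-2014-1254,CVE-2014-1262,CVE-2014-1255,CVE-2014-1256,CVE-2014-1257,CVE-2014-1258,CVE-2014-1261,CVE-2014-1263,CVE-2014-1265,CVE-2014-1259,CVE-2014-1264,CVE-2014-1260,CVE-2014-1246,CVE-2014-1247,CVE-2014-1248,CVE-2014-1249,CVE-2014-1250,CVE-2014-1245 OS X (formerly Mac OS X) is the latest version of the proprietary operating system developed by Apple for Macintosh computers. Versions of OS X prior to 10.9.2 contain multiple vulnerabilities in their implementation, affecting the ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Attackers can exploit these vulnerabilities to execute arbitrary code, gain unauthorized access, bypass security restrictions, and carry out other attacks. 0 Apple Mac OS X < 10.9.2 Vendor patch: Apple ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.apple.com/support/downloads/
id: SSV:61574
last seen: 2017-11-19
modified: 2014-02-26
published: 2014-02-26
reporter: Root
title: Apple Mac OS X Multiple Security Vulnerabilities (APPLE-SA-2014-02-25-1)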