漏洞信息详情
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple QuickTime 'mp4v'解码器信息处理任意代码执行漏洞
- CNNVD编号:CNNVD-201108-522
- 危害等级: 中危
- CVE编号: CVE-2011-0258
- 漏洞类型: 缓冲区溢出
- 发布时间: 2011-09-01
- 威胁类型: 远程
- 更新时间: 2011-09-07
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: Damian Put
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple QuickTime是美国苹果(CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple)公司开发的一款多媒体播放软件。该软件能够处理数字视频、媒体段落等多种资源。
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple QuickTime 7.7之前版本在处理“mp4v”解码器信息时存在缓冲区溢出漏洞。当解析视频描述表时,会读取“mp4v”标签先前的大小字段并使用该大小去创建存储数据的配置,随后复制正确的数据量到缓冲区,然而在未检查大小的固定缓冲区部分上做了一些字节存储次序的改变。远程攻击者可利用该漏洞导致内存破坏,在当前用户上下文中执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT4826
参考网址
来源: zerodayinitiative.com
链接:http://zerodayinitiative.com/advisories/ZDI-11-277/
来源: XF
名称: quicktime-mp4v-bo(69518)
链接:http://xforce.iss.net/xforce/xfdb/69518
来源: BUGTRAQ
名称: 20110831 ZDI-11-277: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/519483/100/0/threaded
来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT4826
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Quicktime:3.0
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Quicktime:4.1.2
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Quicktime:5.0
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Quicktime:5.0.1
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Quicktime:5.0.2
补丁
暂无
评论