Vulnerability Details
Apple QuickTime Video Media Attribute Heap Overflow Vulnerability
- CNNVD ID: CNNVD-200703-165
- Severity: High
- CVE ID: CVE-2007-0718
- Vulnerability type: Buffer overflow
- Published: 2007-03-05
- Threat type: Remote
- Updated: 2007-06-27
- Vendor: Apple
- Vulnerability source: JJ Reyes Mike Pric...
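Vulnerability Summary
Apple QuickTime is a popular multimedia player that supports many media formats. QuickTime contains multiple buffer overflow vulnerabilities in its handling of various media formats; a remote attacker may exploit them to take control of a user's machine by enticing the user to open a malformed media file. QuickTime has a heap overflow vulnerability when processing video media attributes. If the Color table ID field in the Video Sample Description is 0, QuickTime expects a color table to follow the description, and then performs a byte-swap pass over the memory after the description regardless of whether the table is actually present. If the memory after the description does not belong to the heap block being processed, heap corruption results. (CVE-2007-0718)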
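The missing check described above, written from the parser's side as an added example (not code from Apple or from this advisory): confirm that a color table actually lies inside the description before any byte-swapping is done. The field offsets and color table layout are assumptions taken from the public QuickTime file format description, and `checked_color_table_len` and `demo_case` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (public QuickTime file format description, not from this
 * page): 86-byte video sample description, 16-bit color table ID at offset
 * 84; if the ID is 0 a color table follows: seed(4) flags(2) size(2), then
 * size+1 entries of 8 bytes each. */
#define VSD_FIXED_LEN   86u
#define VSD_CTAB_ID_OFF 84u
#define CTAB_HDR_LEN    8u
#define CTAB_ENTRY_LEN  8u

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) { return (be16(p) << 16) | be16(p + 2); }

/* Returns the number of color table bytes that lie inside the description
 * and may be byte-swapped, 0 if no table is expected, -1 if malformed. */
long checked_color_table_len(const uint8_t *desc, size_t avail)
{
    if (avail < VSD_FIXED_LEN) return -1;
    uint32_t declared = be32(desc);              /* description size field */
    if (declared < VSD_FIXED_LEN || declared > avail) return -1;
    if (be16(desc + VSD_CTAB_ID_OFF) != 0) return 0;   /* no inline table */
    uint32_t room = declared - VSD_FIXED_LEN;    /* bytes after fixed part */
    if (room < CTAB_HDR_LEN) return -1;          /* ID 0 but no table: reject */
    uint32_t entries = be16(desc + VSD_FIXED_LEN + 6) + 1;
    uint32_t need = CTAB_HDR_LEN + entries * CTAB_ENTRY_LEN;
    return need <= room ? (long)need : -1;       /* table must fit entirely */
}

/* Constructed sample input: builds a description in a 1 KiB scratch buffer
 * and runs the check with `avail` bytes considered readable. */
long demo_case(uint32_t declared, uint16_t ctab_id, uint16_t size_field, size_t avail)
{
    static uint8_t buf[1024];
    if (avail > sizeof buf) return -1;
    memset(buf, 0, sizeof buf);
    buf[0] = (uint8_t)(declared >> 24); buf[1] = (uint8_t)(declared >> 16);
    buf[2] = (uint8_t)(declared >> 8);  buf[3] = (uint8_t)declared;
    buf[84] = (uint8_t)(ctab_id >> 8);  buf[85] = (uint8_t)ctab_id;
    buf[92] = (uint8_t)(size_field >> 8); buf[93] = (uint8_t)size_field;
    return checked_color_table_len(buf, avail);
}
```

A description that sets the Color table ID to 0 but ends at 86 bytes is rejected here instead of having the following memory swapped.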
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links:
- http://www.apple.com/quicktime/download/mac.html
- http://www.apple.com/quicktime/download/win.html
References
- Source: TA07-065A, Name: TA07-065A, Link: http://www.us-cert.gov/cas/techalerts/TA07-065A.html
- Source: VU#313225, Name: VU#313225, Link: http://www.kb.cert.org/vuls/id/313225
- Source: SECTRACK, Name: 1017725, Link: http://www.securitytracker.com/id?1017725
- Source: VUPEN, Name: ADV-2007-0825, Link: http://www.frsirt.com/english/advisories/2007/0825
- Source: SECUNIA, Name: 24359, Link: http://secunia.com/advisories/24359
- Source: docs.info.apple.com, Link: http://docs.info.apple.com/article.html?artnum=305149
- Source: XF, Name: quicktime-qtif-file-bo(32826), Link: http://xforce.iss.net/xforce/xfdb/32826
- Source: BID, Name: 22839, Link: http://www.securityfocus.com/bid/22839
- Source: BID, Name: 22827, Link: http://www.securityfocus.com/bid/22827
- Source: BUGTRAQ, Name: 20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption, Link: http://www.securityfocus.com/archive/1/archive/1/462012/100/0/threaded
- Source: Apple, Name: Apple-SA-2007-03-05, Link: http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
- Source: IDEFENSE, Name: 20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability, Link: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
Affected Entities
- Apple Quicktime:7.0
- Apple Quicktime:7.0.1
- Apple Quicktime:7.0.2
- Apple Quicktime:7.0.3
- Apple Quicktime:7.0.4
Patch
None available