SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#115729

Apple QuickTime fails to properly handle corrupt TGA images

Overview

Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description

Several types of overflow vulnerabilities exist in the way QuickTime handles files in the Targa (TGA) image file format. A specially crafted TGA image can allow an attacker to execute arbitrary code of their choosing with the privileges of the user running QuickTime or cause a denial of service. Apple's advisory on this issue states that a buffer overflow, integer overflow, or integer underflow error could be exploited by such a crafted image. Additional details about the underlying cause of these overflows are not known.

Note that this issue affects QuickTime installations on both Apple Mac OS X and Microsoft Windows operating systems.

II. Impact

An attacker with the ability to supply a maliciously crafted TGA file (.tga or .targa) could execute arbitrary code on a vulnerable system or cause a denial of service. The attacker-supplied code would be executed with the privileges of the QuickTime user opening the malicious file. The crafted TGA image may be supplied on a webpage or in email for the victim to select, or by some other means designed to encourage them to invoke QuickTime on the exploit image..

III. Solution

Install an update


Apple has addressed this issue with Quicktime 7.0.4, as specified in Apple Support Document 303101.

Systems Affected

VendorStatusDate Updated
Apple Computer, Inc.Vulnerable11-Jan-2006

References


http://docs.info.apple.com/article.html?artnum=303101
http://secunia.com/advisories/18370/

Credit

Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits Dejun Meng of Fortinet for reporting this issue to them.

This document was written by Chad R Dougherty based on information supplied by Apple.

Other Information

Date Public01/10/2006
Date First Published01/11/2006 01:35:26 PM
Date Last Updated01/11/2006
CERT Advisory 
CVE NameCVE-2005-3707
US-CERT Technical Alerts 
Metric3.85
Document Revision11

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader