SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#420668

Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability

Overview

Apple QuickTime for Java contains a heap memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This feature is known as QuickTime for Java. QuickTime for Java fails to properly validate parameters when QTPointerRef objects are created, which can lead to heap memory corruption.

II. Impact

By convincing a user to run a malicious Java application or applet, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. This can be accomplished by visiting a malicious web page with a Java-enabled web browser.

III. Solution

Apply an update

Apply an update, as specified in the Apple QuickTime 7.1.6 security update.

Disable Java

This vulnerability can be mitigated by disabling Java in your web browser. Instructions for disabling Java can be found in the "Securing Your Web Browser" document. 

Systems Affected

VendorStatusDate Updated
Apple Computer, Inc.Vulnerable2-May-2007

References

http://www.cert.org/tech_tips/securing_browser/
http://docs.info.apple.com/article.html?artnum=305446
http://www.zerodayinitiative.com/advisories/ZDI-07-023.html
http://developer.apple.com/quicktime/qtjava/
http://developer.apple.com/documentation/Java/Reference/1.3.1/Java131API_QTJ/quicktime/util/QTPointerRef.html
http://www.cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
http://secunia.com/advisories/25011/
http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/
http://www.securityfocus.com/brief/488
http://www.securitytracker.com/id?1017950

Credit

This vulnerability was discovered by Dino Dai Zovi. An exploit for this vulnerability was demonstrated by Shane Macaulay at the CanSecWest 2007 conference.

This document was written by Will Dormann.

Other Information

Date Public04/20/2007
Date First Published05/02/2007 02:50:21 PM
Date Last Updated05/02/2007
CERT Advisory 
CVE NameCVE-2007-2175
US-CERT Technical Alerts 
Metric10.01
Document Revision9

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader