HTTP: Apple QuickTime Color Table ID Heap Corruption

This signature detects attempts to exploit a known vulnerability in Apple QuickTime. A successful attack can lead to arbitrary code execution.

Extended Description

Apple QuickTime is prone to multiple unspecified remote code-execution vulnerabilities, including multiple heap-based and stack-based buffer-overflow and integer-overflow issues. These issues arise when the application handles specially crafted 3GP, MIDI, MOV, PICT, and QTIF files. An attacker can exploit these issues to execute arbitrary code in the context of the user running the application. Successful attacks can result in the compromise of the application or can cause denial-of-service conditions. Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available. QuickTime versions prior to 7.1.5 are vulnerable.

Affected Products

Apple quicktime_player

References

BugTraq: 22827

CVE: CVE-2007-0718

Short Name
HTTP:STC:DL:QT-COLOR-TABLE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2007-0718 Color Corruption Heap ID QuickTime Table bid:22827
Release Date
10/05/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Apple

CVSS Score

5.8
