SMTP: Apple QuickTime STSD Atoms Handling Heap Overflow
There exists a buffer overflow vulnerability in Apple QuickTime. The flaw is due to boundary errors when processing the Sample Table Sample Descriptor (STSD) atom in QuickTime movie files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted QuickTime movie file. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. In an attack case where code injection is not successful, the affected Apple QuickTime process will terminate abnormally.
Extended Description
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
Short Name
SMTP:APPLE-QT-STSD-OF
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
Apple Atoms CVE-2007-3750 CVE-2015-3789 Handling Heap Overflow QuickTime STSD bid:26341
Release Date
10/25/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
CVSS Score
9.3
6.8