what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2006-4384

Status Candidate

Overview

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.

Related Files

Gentoo Linux Security Advisory 200803-8
Posted Mar 4, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-08 - Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Versions less than 20071007-r2 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386, CVE-2006-4388, CVE-2006-4389, CVE-2007-4674, CVE-2007-6166
SHA-256 | d9fa559b3abcc9c46f70ec63f6f34cb4ab4ef591354f8477e048ad99b4bade9d
mcafee-quicktime.txt
Posted Sep 14, 2006
Site avertlabs.com

McAfee Avert(tm) Labs Security Advisory - Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI. Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed. Vulnerable systems include QuickTime versions 7.1.2 and below for Mac OS X, QuickTime for Windows versions 7.1.2 and below.

tags | advisory, arbitrary, vulnerability, code execution
systems | windows, apple, osx
advisories | CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386, CVE-2006-4388, CVE-2006-4389
SHA-256 | baa83c53a32c6e6b2ca767a2b148f0a75247b22b96d758cc380dd86d88589895
iDEFENSE Security Advisory 2006-09-12.1
Posted Sep 13, 2006
Authored by iDefense Labs, Ruben Santamarta | Site idefense.com

iDefense Security Advisory 09.12.06 - Remote exploitation of a heap-based buffer overflow in Apple Computer's QuickTime Player could allow attackers to execute code under the privileges of the affected application. A FLIC file is an animation file consisting of a number of frames, each of which is made up of an image and may contain other information such as a palette or a label. The vulnerability specifically exists in the handling of the COLOR_64 chunk in FLIC format files. QuickTime does not validate that the data size allocated to store the palette is large enough, allowing a malformed file to cause controllable heap corruption. iDefense Labs confirmed that version 7.1 of the QuickTime player is vulnerable. It is suspected that all previous versions are also affected.

tags | advisory, remote, overflow
systems | apple
advisories | CVE-2006-4384
SHA-256 | 8bcabb0d8beb068b97d485b6166612603ed049aad375daf5647a8eed72680052
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    5 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close