National Cyber Alert System

Technical Cyber Security Alert TA07-005A

Apple QuickTime RTSP Buffer Overflow

   Original release date: January 05, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

   Apple QuickTime on systems running

     * Apple Mac OS X
     * Microsoft Windows

   Note that Apple iTunes and other software using the vulnerable
   QuickTime components are also affected.

Overview

   Apple QuickTime contains a buffer overflow in the handling of RTSP
   URLs. This can allow a remote attacker to execute arbitrary code on
   a vulnerable system.

I. Description

   A vulnerability exists in the way Apple QuickTime handles specially
   crafted Real Time Streaming Protocol (RTSP) URL strings. Public
   exploit code is available that demonstrates how opening a .QTL file
   triggers the buffer overflow. However, we have confirmed that other
   attack vectors for the vulnerability also exist.

   Possible attack vectors include

     * a web page that uses the QuickTime plug-in or ActiveX control
     * a web page that uses the rtsp:// protocol
     * a file that is associated with the QuickTime Player

   US-CERT is tracking this issue as VU#442497. This reference number
   corresponds to CVE-2007-0015.

   Note that this vulnerability affects QuickTime on Microsoft Windows
   and Apple Mac platforms. Although web pages can be used as attack
   vectors, this vulnerability is not dependent on the specific web
   browser that is used.

II. Impact

   By convincing a user to open specially crafted QuickTime content, a
   remote, unauthenticated attacker can execute arbitrary code on a
   vulnerable system.

III. Solution

   We are currently unaware of a solution to this problem. Until a
   solution becomes available, the workarounds provided in US-CERT
   Vulnerability Note VU#442497 are strongly encouraged.

   <http://www.kb.cert.org/vuls/id/442497>

IV. References

     * US-CERT Vulnerability Note VU#442497 -
       <http://www.kb.cert.org/vuls/id/442497>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/>

     * CVE-2007-0015 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-005A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA07-005A Feedback VU#442497" in the
   subject.
 ____________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History

   January 05, 2007: Initial release