Update Protection against Apple QuickTime Streaming Debug Error Logging Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2010-256 |
| Date Published: | |
| Severity: | |
| Last Updated: | |
| Source: | Secunia Advisory: SA40729 |
| Industry Reference(s): | CVE-2010-1799 |
| Protection Provided by: | Security Gateway |
| Who is Vulnerable? | Apple QuickTime 7.6.6 and prior |
| Vulnerability Description | A stack buffer overflow vulnerability has been reported in Apple QuickTime. Apple QuickTime is a media player application capable of playing back numerous multimedia file formats from the local file system or from network servers. A remote attacker could exploit this issue via a malformed SMIL file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. |
| Vulnerability Details | The vulnerability is due to a boundary error in the QuickTimeStreaming.qtx file while writing a debug log error. A remote attacker could exploit this issue by enticing target users to open a crafted SMIL file containing an overly long URL. Successful exploitation would cause the application to terminate abnormally, and may allow execution of arbitrary code on the vulnerable system. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
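
As a complement to the gateway protection, the following added example (not Check Point's signature and not code from the advisory) shows a simple content check for the condition described under Vulnerability Details: a SMIL file whose URL attribute is overly long. The 1024-character threshold, the function name `scan_smil` and the sample documents are assumptions made for illustration; the advisory does not state a length limit.

```python
import re

# Assumption: the advisory gives no length limit; 1024 is a placeholder policy value.
MAX_URL_LEN = 1024

# URL-bearing attributes (src, href); an unterminated quote runs to end of input.
_URL_ATTR = re.compile(r"""\b(src|href)\s*=\s*(["'])(.*?)(\2|\Z)""", re.I | re.S)


def scan_smil(text, max_len=MAX_URL_LEN):
    """Return (attribute, value_length, reason) for each suspicious URL attribute."""
    findings = []
    for m in _URL_ATTR.finditer(text):
        attr, value, closing = m.group(1).lower(), m.group(3), m.group(4)
        if not closing:
            # Malformed markup: the quote is never closed, so flag it regardless of length.
            findings.append((attr, len(value), "unterminated"))
        elif len(value) > max_len:
            findings.append((attr, len(value), "too_long"))
    return findings


# Constructed sample inputs (not taken from any real file).
BENIGN = '<smil><body><video src="rtsp://media.example.invalid/clip.mov"/></body></smil>'
LONG_URL = "rtsp://media.example.invalid/" + "a" * 4000
SUSPECT = '<smil><body><video src="%s"/></body></smil>' % LONG_URL

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_smil(doc))
```

A regular expression is used instead of an XML parser so that malformed files are still inspected rather than rejected before the check runs.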