QuickTime: heap corruption allows arbitrary code execution via malicious H.264 movie files (CVE-2008-3627)

Discovered on: 2008-03-1
Reported on: 2008-05-19
Remediated on: 2008-09-09
Published on: 2008-09-09
Severity:
CVE: CVE-2008-3627

Summary

Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in MOV video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted H.264-encoded movie file.

Technical details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the parsing of MOV video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause heap corruption, resulting in the execution of arbitrary code in the context of the current user.
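
The advisory does not say which part of the MDAT atom is malformed, so the following added example (not code from the advisory or from Apple) does not detect this specific flaw. It shows a structural pre-check a defender can run on untrusted MOV/MP4 files before they reach a decoder: walk the top-level atoms and flag any whose declared size is inconsistent with the file. The function names and the sample bytes are constructed for illustration.

```python
import struct

HEADER = 8  # 4-byte big-endian size followed by a 4-byte atom type

def walk_atoms(data):
    """Yield (type, offset, size, problem) for each top-level atom."""
    offset, end = 0, len(data)
    while offset < end:
        if end - offset < HEADER:
            yield ("?", offset, end - offset, "truncated atom header")
            return
        size, kind = struct.unpack_from(">I4s", data, offset)
        name = kind.decode("latin-1")
        header = HEADER
        if size == 1:  # a 64-bit extended size follows the type field
            if end - offset < 16:
                yield (name, offset, end - offset, "truncated 64-bit size")
                return
            (size,) = struct.unpack_from(">Q", data, offset + 8)
            header = 16
        elif size == 0:  # atom extends to the end of the file
            size = end - offset
        problem = None
        if size < header:
            problem = "declared size smaller than header"
        elif size > end - offset:
            problem = "declared size runs past end of file"
        yield (name, offset, size, problem)
        if problem:
            return  # cannot resynchronise after an inconsistent size
        offset += size

def suspicious_atoms(data):
    """Return (type, offset, problem) for atoms with an inconsistent size."""
    return [(n, o, p) for n, o, _size, p in walk_atoms(data) if p]

def atom(kind, payload, declared=None):
    """Build one atom; 'declared' overrides the size field (sample data only)."""
    size = HEADER + len(payload) if declared is None else declared
    return struct.pack(">I4s", size, kind) + payload

# Constructed sample inputs, not taken from any real movie file.
GOOD = atom(b"ftyp", b"qt  " + b"\0" * 4) + atom(b"mdat", b"\0" * 32)
BAD = atom(b"ftyp", b"qt  " + b"\0" * 4) + atom(b"mdat", b"\0" * 32, declared=4096)

if __name__ == "__main__":
    print(suspicious_atoms(GOOD))
    print(suspicious_atoms(BAD))
```

A file that passes this check can still be malicious; the remediation for this issue is the QuickTime 7.5.5 update.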

Patch or remediation

Apple released an update to QuickTime (HT3027, QuickTime 7.5.5).

References

The following references are relevant to this advisory: