{"vuid":"VU#115729","idnumber":"115729","name":"Apple QuickTime fails to properly handle corrupt TGA images","keywords":["Apple","QuickTime","buffer overflow","integer overflow","integer underflow","arbitrary code execution","DoS","TGA image","QuickTimeUpdate704"],"overview":"Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Several types of overflow vulnerabilities exist in the way QuickTime handles files in the Targa (TGA) image file format. A specially crafted TGA image can allow an attacker to execute arbitrary code of their choosing with the privileges of the user running QuickTime or cause a denial of service. Apple's advisory on this issue states that a buffer overflow, integer overflow, or integer underflow error could be exploited by such a crafted image. Additional details about the underlying cause of these overflows are not known. Note that this issue affects QuickTime installations on both Apple Mac OS X and Microsoft Windows operating systems.","impact":"An attacker with the ability to supply a maliciously crafted TGA file (.tga or .targa) could execute arbitrary code on a vulnerable system or cause a denial of service. The attacker-supplied code would be executed with the privileges of the QuickTime user opening the malicious file. The crafted TGA image may be supplied on a webpage or in email for the victim to select, or by some other means designed to encourage them to invoke QuickTime on the exploit image..","resolution":"Install an update Apple has addressed this issue with Quicktime 7.0.4, as specified in Apple Support Document 303101.","workarounds":"","sysaffected":"","thanks":"Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits \nDejun Meng of Fortinet for reporting this issue \nto them.","author":"This document was written by Chad R Dougherty based on information supplied by Apple.","public":["http://docs.info.apple.com/article.html?artnum=303101","http://secunia.com/advisories/18370/"],"cveids":["CVE-2005-3707"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-01-11T15:25:31Z","publicdate":"2006-01-10T00:00:00Z","datefirstpublished":"2006-01-11T18:35:26Z","dateupdated":"2006-01-11T20:02:34Z","revision":12,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"2","cam_attackeraccessrequired":"20","cam_scorecurrent":"3.8475","cam_scorecurrentwidelyknown":"4.91625","cam_scorecurrentwidelyknownexploited":"9.19125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.8475,"vulnote":null}