{"vuid":"VU#913449","idnumber":"913449","name":"Apple QuickTime fails to properly handle corrupt GIF images","keywords":["Apple","QuickTime","buffer overflow","arbitrary code execution","GIF image","QuickTimeUpdate704"],"overview":"Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of files in the Graphics Interchange Format (GIF) could allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"A heap overflow exists in the way QuickTime handles the Netscape Navigator Application Extension Block of a GIF image. A specially crafted GIF image can allow attackers to execute arbitrary code of their choosing with the privileges of the user running QuickTime. Note that this issue affects QuickTime installations on both Apple Mac OS X and Microsoft Windows operating systems.","impact":"An attacker with the ability to supply a maliciously crafted GIF file (.gif) could execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the QuickTime user opening the malicious file. The crafted GIF image may be supplied on a webpage or in email, or by some other means designed to encourage the victim to invoke QuickTime on the exploit image.","resolution":"Install an update Apple has addressed this issue with Quicktime 7.0.4, as specified in Apple Support Document 303101.","workarounds":"","sysaffected":"","thanks":"Apple credits Karl Lynn of \neEye Digital Security\n for reporting this issue. However, the \neEye advisory\n on this issue credits Fang Xing.","author":"This document was written by Chad R Dougherty based on information supplied by Apple and eEye Digital Security.","public":["http://www.eeye.com/html/research/advisories/AD20060111d.html","http://docs.info.apple.com/article.html?artnum=303101","http://secunia.com/advisories/18370/","http://securitytracker.com/alerts/2006/Jan/1015466.html"],"cveids":["CVE-2005-3713"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-01-11T15:25:39Z","publicdate":"2006-01-10T00:00:00Z","datefirstpublished":"2006-01-11T18:36:33Z","dateupdated":"2006-01-31T15:14:17Z","revision":22,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"2","cam_attackeraccessrequired":"20","cam_scorecurrent":"3.8475","cam_scorecurrentwidelyknown":"4.91625","cam_scorecurrentwidelyknownexploited":"9.19125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.8475,"vulnote":null}