19-01-2010

Vulnerabilidad remota en Quicktime que puede ser explotada por ficheros .mov malformados.

Sistemas afectados:

Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.3.1 .70
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 5.0.2
Apple QuickTime Player 7.5
Apple QuickTime Player 7.4
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1
Apple QuickTime Player 6.4
Apple QuickTime Player 6

Riesgo:   Alto

Descripción:

El problema permite explotar una vulnerabilidad de ejecución de código remota en el Appel Quicktime.

Esta vulnerabilidad viene ocasionada por un error a la hora de parsear 'mdat' en un fichero .mov. Puede ser explotado a través de un fichero .mov especialmente manipulado.

Solución:

Actualizar a la última versión, disponible en la página del fabricante:

http://www.apple.com/quicktime/download/

Referencias:

CVE-2009-0006

Fuente:   Internet Storm Center http://isc.sans.org/