Telestream Flip4Mac WMV File Remote Memory Corruption Vulnerability

Vulnerability ID: 1112093 | Vulnerability type: Design error
Published: 2007-01-27 | Updated: 2007-01-29
CVE ID: CVE-2007-0466 | CNNVD-ID: CNNVD-200701-552
Platform: OSX | CVSS score: 10.0
|Vulnerability sources
https://www.exploit-db.com/exploits/29535
https://www.securityfocus.com/bid/22286
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-552
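|Vulnerability details
Flip4Mac is a set of QuickTime components that lets QuickTime-based applications on the Mac play, import, and export Windows Media audio and video files. Flip4Mac has an input validation error when processing malformed WMV files. If a WMV file contains a specially crafted size field in the ASF_File_Properties_Object, memory corruption can be triggered, leading to execution of arbitrary instructions.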
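As an added example (not part of the original advisory and not Flip4Mac code), the following triage check walks the ASF header of a WMV file and flags object size fields that are inconsistent with the file, including the File Properties Object named above. Assumptions: the GUIDs and the fixed 104-byte object size are taken from the ASF specification, the names `check_asf_header` and `build_sample` are hypothetical, and the sample bytes are constructed; the advisory does not say which size value triggers the flaw, so any inconsistent size is reported.

```python
import struct
import uuid

# GUIDs from the ASF specification (stored little-endian on disk).
ASF_HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
ASF_FILE_PROPERTIES_OBJECT = uuid.UUID("8CABDCA1-A947-11CF-8EE4-00C00C205365")
OBJ_HDR = 24           # 16-byte GUID + 8-byte little-endian size
TOP_HDR = 30           # Header Object adds a 4-byte object count and 2 reserved bytes
FILE_PROPS_SIZE = 104  # fixed size of the File Properties Object per the spec


def check_asf_header(data: bytes) -> list[str]:
    """Return findings; an empty list means all declared sizes are consistent."""
    if len(data) < TOP_HDR or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER_OBJECT:
        return ["not an ASF file (missing Header Object)"]
    header_size, count = struct.unpack_from("<QI", data, 16)
    if header_size < TOP_HDR or header_size > len(data):
        return [f"Header Object size {header_size} outside file of {len(data)} bytes"]
    findings, off, seen = [], TOP_HDR, False
    for _ in range(count):
        if off + OBJ_HDR > header_size:
            findings.append(f"object header at {off} runs past Header Object")
            break
        guid = uuid.UUID(bytes_le=data[off:off + 16])
        (size,) = struct.unpack_from("<Q", data, off + 16)
        if size < OBJ_HDR or off + size > header_size:
            findings.append(f"object at {off} declares size {size}, out of bounds")
            break
        if guid == ASF_FILE_PROPERTIES_OBJECT:
            seen = True
            if size != FILE_PROPS_SIZE:
                findings.append(f"File Properties Object size {size}, expected {FILE_PROPS_SIZE}")
        off += size
    if not seen and not findings:
        findings.append("File Properties Object not found")
    return findings


def build_sample(props_size: int) -> bytes:
    """Constructed sample: ASF header holding one zero-filled File Properties Object."""
    body = (ASF_FILE_PROPERTIES_OBJECT.bytes_le + struct.pack("<Q", props_size)
            + bytes(FILE_PROPS_SIZE - OBJ_HDR))
    return ASF_HEADER_OBJECT.bytes_le + struct.pack("<QIBB", TOP_HDR + len(body), 1, 1, 2) + body


if __name__ == "__main__":
    for declared in (104, 80, 8):
        print(declared, check_asf_header(build_sample(declared)))
```

A check like this belongs in front of any media pipeline that hands untrusted WMV files to a native parser; it is a structural sanity filter, not a substitute for updating the affected component.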
|Exploit
source: http://www.securityfocus.com/bid/22286/info

Flip4Mac is prone to a remote memory-corruption vulnerability.

Flip4Mac is prone to a remote memory-corruption vulnerability because the application fails to properly handle malformed WMV files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

Flip4Mac Windows Media Components for QuickTime version 2.1.0.33 is reported vulnerable; other versions may be affected as well. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/29535.wmv
|Affected products
TeleStream Flip4Mac Windows Media Components for QuickTime 2.1 .33
|References

Source: BID
Name: 22286
Link: http://www.securityfocus.com/bid/22286
Source: VUPEN
Name: ADV-2007-0389
Link: http://www.frsirt.com/english/advisories/2007/0389
Source: SECUNIA
Name: 23958
Link: http://secunia.com/advisories/23958
Source: MISC
Link: http://projects.info-pull.com/moab/MOAB-27-01-2007.html
Source: OSVDB
Name: 32697
Link: http://www.osvdb.org/32697