Apple iPod touch/iPhone TIFF Image Processing Buffer Overflow Vulnerability

Vulnerability ID: 1113785    Vulnerability type: Buffer overflow
Published: 2007-10-11    Updated: 2007-10-14
CVE ID: CVE-2007-5450    CNNVD-ID: CNNVD-200710-287
Platform: iOS    CVSS score: 9.3
|Vulnerability source
https://www.exploit-db.com/exploits/4522
https://www.securityfocus.com/bid/85298
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-287
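|Vulnerability details
The iPod touch (also known as the iTouch) is an MP4 player released by Apple, and the iPhone is Apple's smartphone. The Safari browser on the iPod touch has a vulnerability in its handling of malformed TIFF images, which an attacker may exploit to take control of the user's system. If a user is tricked into viewing a specially crafted TIFF image with the Safari browser embedded in these products, a buffer overflow may be triggered, resulting in denial of service or arbitrary code execution.
|Vulnerability EXP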
<!--
The iPhone / iTouch tif exploit is now officially released!
source: http://www.toc2rta.com/

So it's official, we have released the tiff exploit code.
You can navigate in safari to http://jailbreak.toc2rta.com 
on your Itouch or Iphone 1.1.1. It will crash your Safari 
but then you will be able to browse the file system with 
full read/write access. This is only for people who understand 
what they are doing. You will need IPHUC and some knowledge of 
how to put/get files.

TUTORIAL FOR WINDOWS http://www.ipodtouchfans.com/forums/showthread.php?t=1570

Check back later for a full breakdown of how the 
tiff works and what the future holds for Toc2rta and the 
Itouch & Iphone.

Exploit by Niacin and Dre.

A special thanks to Pumpkin,dinopio,davidc,natetrue,Smileydude,neimod 
,Nervegas,erica,roxfan,phire and the rest of the dev team for all 
their work that helped make this happen. You can visit the dev team's 
site here : http://iphone.fiveforty.net/wiki/index.php?title=Main_Page

EDB Note: Old filename: 10112007-iphone.tif
-->

<html>
<img src="https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/4522.tif">
</html>

# milw0rm.com [2007-10-11]
|Affected products
Apple Safari 5.0.6 for Windows
|References

Source: MISC
Link: http://www.toc2rta.com/?q=node/23
Source: MILW0RM
Name: 4522
Link: http://www.milw0rm.com/exploits/4522
Source: VUPEN
Name: ADV-2007-3485
Link: http://www.frsirt.com/english/advisories/2007/3485
Source: SECUNIA
Name: 27213
Link: http://secunia.com/advisories/27213
Source: XF
Name: iphone-ipod-tiff-code-execution(37186)
Link: http://xforce.iss.net/xforce/xfdb/37186