This flaw resided in the operating system's handling of animated cursor (.ani) files. It allowed for remote code execution (RCE), meaning an attacker could gain full control of an affected system. Exploitation could occur simply by visiting a malicious website, opening a specially crafted email, or viewing a compromised file.
Numerous Windows versions, including 2000, XP, Server 2003, and Vista, were susceptible. Rated as 'Critical,' the vulnerability necessitated immediate patching via Microsoft Security Bulletin MS07-017. It was a widely exploited threat, underscoring the importance of timely updates.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-005A
Apple QuickTime RTSP Buffer Overflow
Original release date: January 05, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Note that Apple iTunes and other software using the vulnerable
QuickTime components are also affected.
Overview
Apple QuickTime contains a buffer overflow in the handling of RTSP
URLs. This can allow a remote attacker to execute arbitrary code on a
vulnerable system.
I. Description
A vulnerability exists in the way Apple QuickTime handles specially
crafted Real Time Streaming Protocol (RTSP) URL strings. Public
exploit code is available that demonstrates how opening a .QTL file
triggers the buffer overflow. However, we have confirmed that other
attack vectors for the vulnerability also exist.
Possible attack vectors include
* a web page that uses the QuickTime plug-in or ActiveX control
* a web page that uses the rtsp:// protocol
* a file that is associated with the QuickTime Player
US-CERT is tracking this issue as VU#442497. This reference number
corresponds to CVE-2007-0015.
Note that this vulnerability affects QuickTime on Microsoft Windows
and Apple Mac platforms. Although web pages can be used as attack
vectors, this vulnerability is not dependent on the specific web
browser that is used.
II. Impact
By convincing a user to open specially crafted QuickTime content, a
remote, unauthenticated attacker can execute arbitrary code on a
vulnerable system.
III. Solution
We are currently unaware of a solution to this problem. Until a
solution becomes available, the workarounds provided in US-CERT
Vulnerability Note VU#442497 are strongly encouraged.
<http://www.kb.cert.org/vuls/id/442497>
IV. References
* US-CERT Vulnerability Note VU#442497 -
<http://www.kb.cert.org/vuls/id/442497>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* CVE-2007-0015 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-005A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 05, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRZ7D9OxOF3G+ig+rAQLG+Af/e+VhtMJEDuzVbT47HRdINgIRiOceCx4u
DZFbMaUvYu4hjGu9f+T6AaGWR9FQj1ZzWDYf/JHY67NCSkwJdFY4Th1vR09BXJGy
lmAzlj7+l3U4UeR+rEud0ajP8qCO7vwRGP4rPUVkcqgaBXqdyfgQbNHtwIpw6w/z
eFYyUp/2EA1vHeTGdPNAkQTupuC95kA0QsiONCVv9xTqg7xnlcXBTwKz+T/DcWig
LDLgPMupim8+ruhkzCCOVveIFQPBdXN5Aem/Fvpmhi2V5HRBc65vKaDoLzBpt4BZ
Wdbeud6ljPjm0JLPvy84Gn7qFcjCu3WP3Nayd7rhbClFZSWyGilM+Q==
=RrHt
-----END PGP SIGNATURE-----