Update Protection against Apple QuickTime Crafted Media File Integer Underflow Vulnerability
| Check Point Reference: | CPAI-2007-069 | |
| Date Published: | ||
| Severity: | ||
| Source: | SecurityTracker Alert ID: 1017967 | |
| Industry Reference(s): | CVE-2007-2296 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Apple QuickTime 7.1.5 and prior | ||
| Vulnerability Description A vulnerability has been reported in Apple QuickTime. Apple QuickTime is a multimedia player that supports a wide range of media formats. A remote attacker can exploit this vulnerability via a specially crafted MP4 file. MP4 is the official filename extension for MPEG-4 Part 14 files. These files are generally used to store digital audio and digital video streams. Successful exploitation of the vulnerability allows execution of arbitrary code on a vulnerable system. |
||
|
Vulnerability Details The vulnerability is due to an integer underflow error in the Apple QuickTime "FlipFileTypeAtom_BtoN" function that fails to properly handle crafted QuickTime media files. A remote attacker could trigger this flaw via a specially crafted MP4 file. Successful exploitation allows execution of arbitrary code once a malformed MP4 file is being loaded on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of malformed Apple QuickTime MP4 files over HTTP.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
The Update released on June 13, 2007 includes the following protections:
Apple QuickTime Crafted Media File Vulnerability (CPAI-2007-069)
LANDesk Alert Service Stack Overflow Vulnerability (CPAI-2007-070)
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following:
Malformed Apple QuickTime MP4 Files
3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed apple quicktime mp4 file
VPN-1 NGX R61, R60, VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed Apple QuickTime MP4 Files
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed apple quicktime mp4 file
VPN-1 NG with Application Intelligence R55
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed Apple QuickTime MP4 Files
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99886 will appear on the SmartView Tracker.
VPN-1 VSX NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:
Malformed Apple QuickTime MP4 Files
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Rule #99886 will appear on the SmartView Tracker.
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the Web Intelligence tree, click HTTP Client Protections > Microsoft Internet Explorer vulnerabilities.
3. Select the following pattern:
Malformed Apple QuickTime MP4 Files
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed apple quicktime mp4 file
InterSpect 2.0
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Web > HTTP Client Protections > Microsoft Internet Explorer vulnerabilities.
2. Select the following pattern:
Malformed Apple QuickTime MP4 Files
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Malformed apple quicktime mp4 file