Vulnerabilities Affecting Apple QuickTime and IBM Lotus Sametime

Synopsis:

The Sourcefire VRT is aware of vulnerabilities affecting Apple QuickTime and IBM Lotus Sametime.

Details:

Apple QuickTime Stack Overflow (CVE-2008-1022):
Apple QuickTime contains a programming error that may allow a remote attacker to cause a stack overflow and subsequently execute code on a vulnerable system. The problem occurs when the application processes a specially crafted VR movie file with an obj atom of zero size.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1 and SID 13920.

IBM Lotus Sametime Stack Overflow (CVE-2008-2499):
IBM Lotus Sametime contains a programming error that may allow a remote attacker to cause a stack overflow and subsequently execute code on a vulnerable system. The problem occurs when the application processes a specially crafted URL.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1 and SID 13902.

For Assistance:

• Visit the Sourcefire Customer Support site at https://support.sourcefire.com.
• Email Sourcefire Customer Support at support@sourcefire.com.
• Call Sourcefire Customer Support at 410.423.1901 or 1.800.917.4134.