Vulnerabilities Affecting Apple QuickTime and IBM Lotus Sametime
July 15th, 2008
The Sourcefire VRT is aware of vulnerabilities affecting Apple QuickTime and IBM Lotus Sametime.
Apple QuickTime Stack Overflow (CVE-2008-1022):
Apple QuickTime contains a programming error that may allow a remote attacker to cause a stack overflow and subsequently execute code on a vulnerable system. The problem occurs when the application processes a specially crafted VR movie file with an obj atom of zero size.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1 and SID 13920.
IBM Lotus Sametime Stack Overflow (CVE-2008-2499):
IBM Lotus Sametime contains a programming error that may allow a remote attacker to cause a stack overflow and subsequently execute code on a vulnerable system. The problem occurs when the application processes a specially crafted URL.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1 and SID 13902.
For Assistance
- Visit the Sourcefire Customer Support site at https://support.sourcefire.com.
- Email Sourcefire Customer Support at support@sourcefire.com.
- Call Sourcefire Customer Support at 410.423.1901 or 1.800.917.4134.