Apple Quicktime atom length detected (MOV_Container_Overflow)

About this signature or vulnerability

RealSecure Desktop, Proventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature detects malformed QuickTime (.mov) files having data whose size exceeds its container size.

This signature detects malformed QuickTime (.mov) files having an atom whose size exceeds its container size.


Default risk level

Low

Sensors that have this signature

RealSecure Desktop: eqd, Proventia Desktop: 1980, Proventia Network IPS: XPU 1.97, RealSecure Network: XPU 24.58, RealSecure Server Sensor: XPU 24.58, BlackICE Server Protection: 3.6.cqd, BlackICE PC Protection: 3.6cqd, IBM Security Server Protection for Windows: 1.0.914.1980, Proventia Network MFS: XPU 1.97, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia-G 1.1 and earlier: XPU 24.58, Proventia Network IDS: XPU 24.58, Proventia Server IPS for Linux technology: 1.97, Virtual Server Protection for Vmware: 1.0

Systems affected

Microsoft Windows 95, Microsoft Windows NT: 4.0, Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows 2003 Server, Apple Mac OS X, Apple QuickTime

Type

Suspicious Activity

Vulnerability description

Apple QuickTime uses a memory structure called an atom to store data. Each atom has a header in which its length is specified. Certain atoms can contain other nested atoms. This signature indicates that a contained atom was detected whose specified length is larger than the total length of the container atom it is nested within.
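The check described above can be sketched as a recursive atom walk. This is an added example, not the vendor's signature logic. It assumes the QuickTime header layout (32-bit big-endian size that includes the header, then a 4-byte type, with size 1 meaning a 64-bit extended size follows); the `CONTAINERS` subset, the function names and the sample files are constructed for illustration.

```python
import struct

# Atom types that hold nested atoms (a subset chosen for this example).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"dinf", b"edts"}

def atom(kind, payload=b""):
    """Build a well-formed atom: size (header included) + type + payload."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def find_overflows(buf, start=0, end=None, path=""):
    """Return (path, offset, declared_size, space_left) for every atom whose
    declared size runs past the end of its container (or of the file)."""
    end = len(buf) if end is None else end
    findings, pos = [], start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:                      # 64-bit extended size follows the type
            if pos + 16 > end:
                break
            size = struct.unpack_from(">Q", buf, pos + 8)[0]
            header = 16
        elif size == 0:                    # treated here as "fills the remaining space"
            size = end - pos
        name = path + "/" + kind.decode("latin-1")
        if size < header:                  # cannot advance safely; stop this level
            break
        if size > end - pos:               # the condition this signature describes
            findings.append((name, pos, size, end - pos))
            break                          # later offsets are not trustworthy
        if kind in CONTAINERS:
            findings += find_overflows(buf, pos + header, pos + size, name)
        pos += size
    return findings

def sample_files():
    """Constructed inputs: one well-formed file, one with an oversized child."""
    mdia = atom(b"mdia", atom(b"mdhd", b"\x00" * 8))
    good = atom(b"ftyp", b"qt  ") + atom(b"moov", atom(b"trak", mdia))
    # Child claims 0x1000 bytes, but its trak container has only 16 bytes left.
    bad_child = struct.pack(">I4s", 0x1000, b"mdia") + b"\x00" * 8
    bad = atom(b"ftyp", b"qt  ") + atom(b"moov", atom(b"trak", bad_child))
    return good, bad

if __name__ == "__main__":
    for label, data in zip(("good", "bad"), sample_files()):
        print(label, find_overflows(data))
```

A truncated but otherwise valid file is also reported, at the top level, because the outermost atom then declares more bytes than the file contains.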

How to remove this vulnerability

No remedy currently available.

References

Apple QuickTime Web site
Apple - Quicktime
http://www.apple.com/quicktime/

ISS X-Force
Apple Quicktime atom length detected
http://www.iss.net/security_center/static/33298.php