Detailed Description
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) An integer underflow error exists in the processing of "0x77" tags within PICT images, which can be exploited to cause a heap-based buffer overflow when the user opens a specially crafted PICT image or visits a malicious web site.
2) A vulnerability is caused due to an error in the parsing of Sorenson Video 3 content. This can be exploited to corrupt memory by tricking a user into viewing a specially crafted movie file.
Successful exploitation may allow execution of arbitrary code.
3) A vulnerability is caused due to a boundary error in the processing of MS ADPCM encoded audio data. This can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted AVI file.
Successful exploitation may allow execution of arbitrary code.
Vulnerabilities #2 and #3 are confirmed in version 7.60.92.0. Other versions may also be affected.
4) A boundary error exists when processing line specifiers in FLC delta encoded frames. This can be exploited to cause a heap-based buffer overflow when a specially crafted FLC compression file is opened.
5) A boundary error in the processing of compressed PSD images can be exploited to cause a heap-based buffer overflow when a specially crafted compressed PSD file is opened.
6) A boundary error exists in the processing of PICT images, which can be exploited to cause a heap-based buffer overflow when a PICT image having a specially crafted 0x8201 opcode is opened.
7) A boundary error exists in the handling of Clipping Region (CRGN) atom types in a movie file. This can be exploited to cause a heap-based buffer overflow when a specially crafted movie file is opened.
8) A sign extension error exists in the handling of image description atoms, which can be exploited to corrupt memory and potentially execute arbitrary code when a specially crafted video file is opened.
9) An error due to the usage of uninitialised memory can potentially be exploited to execute arbitrary code when a movie with a user data atom size of zero is viewed.
10) A boundary error in the processing of JP2 images can be exploited to cause a heap-based buffer overflow when a specially crafted JP2 image is viewed.
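The error classes named above (integer underflow, sign extension, a size of zero, and boundary errors) are illustrated here by a defensive check on a length-prefixed atom header. This is an added example, not QuickTime code and not part of the original advisory. It assumes the standard atom layout of a 32-bit big-endian size that includes the 8-byte header, followed by a 4-byte type; all function and type names are hypothetical.

```c
/* Added illustration; every name here is hypothetical, not QuickTime's. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum atom_status { ATOM_OK = 0, ATOM_TRUNCATED, ATOM_BAD_SIZE };

struct atom {
    uint32_t type;          /* four-character code */
    const uint8_t *payload; /* first byte after the 8-byte header */
    size_t payload_len;     /* size field minus the header */
};

/* Assemble a big-endian 32-bit field as unsigned: a set top bit must not
 * be sign-extended into a negative or enormous length. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate the atom header at buf[0..avail) before using its size. */
enum atom_status parse_atom(const uint8_t *buf, size_t avail, struct atom *out)
{
    if (avail < 8)
        return ATOM_TRUNCATED;           /* header itself incomplete */
    uint32_t size = be32(buf);           /* size counts the header too */
    if (size < 8)                        /* 0 and 1 are special markers, */
        return ATOM_BAD_SIZE;            /* rejected here; 2..7 wrap size - 8 */
    if (size > avail)
        return ATOM_TRUNCATED;           /* claims more bytes than held */
    out->type = be32(buf + 4);
    out->payload = buf + 8;
    out->payload_len = (size_t)size - 8; /* cannot underflow here */
    return ATOM_OK;
}

/* Copy the payload only when it fits the destination buffer. */
int copy_payload(const struct atom *a, uint8_t *dst, size_t dst_len)
{
    if (a->payload_len > dst_len)
        return -1;
    memcpy(dst, a->payload, a->payload_len);
    return 0;
}
```

A parser that needs the "extends to end of file" (size 0) or 64-bit (size 1) forms has to handle them as explicit cases before the subtraction, rather than letting them fall through as ordinary lengths.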