Apple QuickTime Multiple Vulnerabilities

Report ID: SA200902372
Source: Secunia
Date of Discovery: 22.05.2009
Criticality: Urgent
Affects:
Apple QuickTime 7.x

Compromise From: From remote
Compromise Type: System access

Summary

Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

Detailed Description

Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

1) An integer underflow error exists in the processing of "0x77" tags within PICT images, which can be exploited to cause a heap-based buffer overflow when the user opens a specially crafted PICT image or visits a malicious web site.

2) A vulnerability is caused due to an error in the parsing of Sorenson Video 3 content. This can be exploited to corrupt memory by tricking a user into viewing a specially crafted movie file.

Successful exploitation may allow execution of arbitrary code.

3) A vulnerability is caused due to a boundary error in the processing of MS ADPCM encoded audio data. This can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted AVI file.

Successful exploitation may allow execution of arbitrary code.

Vulnerabilities #2 and #3 are confirmed in version 7.60.92.0. Other versions may also be affected.

4) A boundary error exists when processing line specifiers in FLC delta encoded frames. This can be exploited to cause a heap-based buffer overflow when a specially crafted FLC compression file is opened.

5) A boundary error in the processing of compressed PSD images can be exploited to cause a heap-based buffer overflow when a specially crafted compressed PSD file is opened.

6) A boundary error exists in the processing of PICT images, which can be exploited to cause a heap-based buffer overflow when a PICT image having a specially crafted 0x8201 opcode is opened.

7) A boundary error exists in the handling of Clipping Region (CRGN) atom types in a movie file. This can be exploited to cause a heap-based buffer overflow when a specially crafted movie file is opened.

8) A sign extension error exists in the handling of image description atoms, which can be exploited to corrupt memory and potentially execute arbitrary code when a specially crafted video file is opened.

9) An error due to the usage of uninitialised memory can potentially be exploited to execute arbitrary code when a movie with a user data atom size of zero is viewed.

10) A boundary error in the processing of JP2 images can be exploited to cause a heap-based buffer overflow when a specially crafted JP2 image is viewed.
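Items 7, 8 and 9 concern atoms inside movie files, and item 9 names an atom size of zero. The following is an added example, not code from Apple or Secunia: a defensive atom walker that checks every declared atom size against the bytes actually present before descending into it. The function names, the container list and the sample buffers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Atom header fields are big-endian: 32-bit size, then 4-byte type. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Subset of atom types whose payload is itself a list of atoms. */
static int is_container(const uint8_t *type) {
    static const char *const k[] = {"moov", "trak", "mdia", "minf", "stbl", "udta"};
    for (size_t i = 0; i < sizeof k / sizeof k[0]; i++)
        if (memcmp(type, k[i], 4) == 0) return 1;
    return 0;
}

/* Walk the atoms in buf[0..len) and return how many levels were abandoned
 * because an atom's declared size did not fit the bytes actually present. */
int count_bad_atoms(const uint8_t *buf, size_t len, int depth) {
    int bad = 0;
    size_t off = 0;
    while (off < len) {
        size_t left = len - off, hdr = 8;
        if (left == 4 && be32(buf + off) == 0) break;  /* optional list terminator */
        if (left < 8) return bad + 1;                  /* truncated header */
        uint64_t size = be32(buf + off);
        if (size == 0 && depth == 0) break;            /* top level only: runs to EOF */
        if (size == 1) {                               /* 64-bit size follows the type */
            if (left < 16) return bad + 1;
            size = ((uint64_t)be32(buf + off + 8) << 32) | be32(buf + off + 12);
            hdr = 16;
        }
        if (size < hdr || size > left) return bad + 1; /* zero, undersized or overrunning */
        if (depth < 16 && is_container(buf + off + 4))
            bad += count_bad_atoms(buf + off + hdr, (size_t)size - hdr, depth + 1);
        off += (size_t)size;
    }
    return bad;
}

/* Constructed samples, not taken from any real file. */
static const uint8_t sample_ok[] = {0,0,0,24,'m','o','o','v', 0,0,0,16,'u','d','t','a', 0,0,0,8,'f','r','e','e'};
static const uint8_t sample_zero[] = {0,0,0,16,'m','o','o','v', 0,0,0,0,'u','d','t','a'};
static const uint8_t sample_overrun[] = {0,0,0,16,'m','o','o','v', 0,0,1,0,'f','r','e','e'};
int main(void) {
    printf("ok=%d zero=%d ", count_bad_atoms(sample_ok, sizeof sample_ok, 0), count_bad_atoms(sample_zero, sizeof sample_zero, 0));
    printf("overrun=%d\n", count_bad_atoms(sample_overrun, sizeof sample_overrun, 0));
}
```

A non-zero result means the file is structurally inconsistent and should be rejected before any decoder sees it; it does not identify which of the listed flaws, if any, the file targets.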

Solution

Update to version 7.6.2.

QuickTime 7.6.2 for Mac:
http://support.apple.com/downloads/QuickTime_7_6_2_for_Mac

QuickTime 7.6.2 for Windows:
http://support.apple.com/downloads/QuickTime_7_6_2_for_Windows

Original Reference

-