Secunia

Piotr Bania has reported some vulnerabilities in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

1) An integer overflow error exists in the handling of a "Pascal" style string when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.

2) An integer overflow error exists in the handling of certain movie attributes when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.

3) A NULL pointer dereferencing error exists when handling certain missing movie attributes from a video file. This may be exploited to crash an application that uses QuickTime when a specially crafted video file is loaded.

4) A boundary error exists in the QuickTime PictureViewer when decompressing PICT data. This may be exploited to cause a memory overwrite, potentially allowing arbitrary code execution via a specially crafted PICT picture file.

The vulnerabilities have been reported in the following versions:
* QuickTime version 6.5.2 and 7.0.1 for Mac OS X.
* QuickTime versions 7.x prior to 7.0.3 for Windows.

Prior versions may also be affected.

Solution
Update to version 7.0.3.
Further details available in Customer Area

Provided and/or discovered by
Piotr Bania

Changelog
Further details available in Customer Area

Original Advisory
Apple:
http://docs.info.apple.com/article.html?artnum=302772

Piotr Bania:
http://pb.specialised.info/all/adv/quicktime-mov-io1-adv.txt
http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt
http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt
http://pb.specialised.info/all/adv/quicktime-pict-adv.txt

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area