|
Apple QuickTime Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA29293
|
|
|
Release Date:
|
2008-06-10
|
|
Last Update:
|
2008-09-10
|
|
Popularity:
|
25,292 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Apple QuickTime 7.x
|
|
|
Binary Analysis:
|
BA362 :: Available for 1 Credit 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2008-1581
CVE-2008-1582
CVE-2008-1583
CVE-2008-1584
CVE-2008-1585
CVE-2008-2319
|
|
Description:
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when parsing packed scanlines from a PixData structure in a PICT file can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
2) An error in the processing of AAC-encoded media content can be exploited to cause a memory corruption via a specially crafted media file.
3) A boundary error in the processing of PICT files can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
4) A boundary error in the processing of Indeo video codec content can be exploited to cause a stack-based buffer overflow via a specially crafted movie file with Indeo video codec content.
5) An error in the handling of "file:" URLs can be exploited to e.g. execute arbitrary programs when playing specially crafted QuickTIme content in QuickTime Player.
6) An sign-extension error in the processing of PICT files can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Solution:
Update to version 7.5 (via Software Update or Apple Downloads. See vendor's advisory for details).
Provided and/or discovered by:
1) Dyon Balding, Secunia Research
2) Independently discovered by:
* Dave Soldera, NGS Software
* Jens Alfke
3) Liam O Murchu, Symantec
4) An anonymous researcher, reported via ZDI
5) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
6) Sergio 'shadown' Alvarez of n.runs AG
Changelog:
2008-06-11: Added links to ZDI and US-CERT.
2008-07-17: Added vulnerability #6 based on updated information from the vendor. Added link to n.runs AG advisory. Updated credits. Added additional CVE reference.
2008-09-10: Added additional link to "Original Advisory" section.
Original Advisory:
Apple:
http://support.apple.com/kb/HT1991
Secunia Research:
http://secunia.com/secunia_research/2008-9/
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-037/
http://www.zerodayinitiative.com/advisories/ZDI-08-038/
n.runs AG:
http://www.nruns.com/security_advisory_quicktime_arbitrary_code_execution.php
GNUCITIZEN:
http://www.gnucitizen.org/blog/details-of-the-quicktime-vulnerability/
Other References:
US-CERT VU#132419:
http://www.kb.cert.org/vuls/id/132419
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
