Secunia Advisory SA47447

Apple QuickTime Multiple Vulnerabilities
Release Date 2012-05-16
Last Update 2012-08-23

Criticality level Highly critical
Impact System access
Where From remote
Solution Status Vendor Patch
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
   
Software:
Apple QuickTime 7.x

CVE Reference(s)
CVE-2011-3458
CVE-2011-3459
CVE-2011-3460
CVE-2012-0265
CVE-2012-0658
CVE-2012-0659
CVE-2012-0660
CVE-2012-0661
CVE-2012-0663
CVE-2012-0664
CVE-2012-0665
CVE-2012-0666
CVE-2012-0667
CVE-2012-0668
CVE-2012-0669
CVE-2012-0670
CVE-2012-0671
  

Description

Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system.

1) Boundary errors within QuickTime3GPP.qtx when handling various XML element attributes can be exploited to cause stack-based buffer overflows via a specially crafted TeXML file.

2) A boundary error within the handling of Text Track Descriptors can be exploited to cause a heap-based buffer overflow.

3) Insufficient validation when parsing H.264 encoded movie files can be exploited to cause a heap-based buffer overflow when the "pic_width_in_mbs_minus_1" and "pic_height_in_map_units_minus_1" values in the AVCC header data differ from the actual picture dimensions.

4) An error exists within the parsing of MP4 encoded files.

For more information see vulnerability #26 in:
SA47843

5) An off-by-one error can be exploited to cause a single byte buffer overflow.

For more information see vulnerability #28 in:
SA47843

6) An error when handling audio samples can be exploited to cause a buffer overflow.

For more information see vulnerability #8 in:
SA49039

7) An integer overflow error exists within the handling of MPEG files.

For more information see vulnerability #9 in:
SA49039

8) An error in Quicktime.qts within the plugin's handling of QTMovie objects can be exploited to cause a stack-based buffer overflow.

9) An error when parsing the MediaVideo header in videos encoded with the PNG format can be exploited to cause a buffer overflow.

For more information see vulnerability #30 in:
SA47843

10) A signedness error in QuickTimeVR.qtx when parsing a QTVRStringAtom with an overly large "stringLength" value can be exploited to cause a stack-based buffer overflow via a specially crafted QTVR movie file.

11) A use-after-free error exists when handling JPEG2000 encoded movie files.

For more information see vulnerability #11 in:
SA49039

12) An error within the decompression of RLE encoded movie files can be exploited to cause a buffer overflow.

13) An error when using the "mb_skip_run" value within a Sorenson v3 encoded movie file as a loop counter to write data can be exploited to cause a heap-based buffer overflow.

14) An integer overflow error in Quicktime.qts when handling 'sean' atoms can be exploited to execute arbitrary code.

15) An error within the DllMain module when parsing .pict files can be exploited to corrupt memory.

16) A boundary error in QuickTime.qts when extending a file path based on its short path form can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted file path.

Successful exploitation of this vulnerability requires that a user is tricked into, e.g., opening a file in a specially crafted path.

17) An error when handling MPEG files can be exploited to cause a buffer underflow.

For more information see vulnerability #10 in:
SA49039

The vulnerabilities are reported in versions prior to 7.7.2.
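
The signedness error class named in item 10, shown as an added C illustration that is not QuickTime's code: a length check done on a signed 16-bit value beside a hardened parse. The atom layout (two big-endian 16-bit fields, usage then length, followed by the string bytes), the 64-byte destination and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* assumed size of the destination buffer */

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Flawed check only (no copy is performed): the length is held in a signed
 * 16-bit variable, so 0x8000 and above become negative on two's-complement
 * targets and pass the upper-bound test. A later copy would then treat the
 * same bits as a large unsigned size. Returns 1 if the check passes. */
int flawed_check_accepts(const uint8_t *atom, size_t atom_len)
{
    if (atom_len < 4) return 0;
    int16_t len = (int16_t)be16(atom + 2);
    return len < NAME_BUF; /* -32768 < 64 is true */
}

/* Hardened parse: keep the length unsigned and bound it by both the
 * destination size and the bytes actually present before copying.
 * Returns the number of bytes copied, or -1 if the atom is rejected. */
int parse_string_atom(const uint8_t *atom, size_t atom_len, char out[NAME_BUF])
{
    if (atom == NULL || atom_len < 4) return -1;
    size_t len = be16(atom + 2);
    if (len >= NAME_BUF) return -1;    /* keep room for the terminator */
    if (len > atom_len - 4) return -1; /* declared length exceeds the data */
    memcpy(out, atom + 4, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample atoms: usage=1, then length, then payload. */
    const uint8_t ok[]  = {0x00, 0x01, 0x00, 0x03, 'a', 'b', 'c'};
    const uint8_t big[] = {0x00, 0x01, 0x80, 0x00, 'a', 'b', 'c'};
    char out[NAME_BUF];

    printf("flawed check accepts 0x8000: %d\n", flawed_check_accepts(big, sizeof big));
    printf("hardened parse of 0x8000:    %d\n", parse_string_atom(big, sizeof big, out));
    printf("hardened parse of valid atom: %d\n", parse_string_atom(ok, sizeof ok, out));
    return 0;
}
```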


Solution
Update to version 7.7.2.

Provided and/or discovered by
1, 2) Alexander Gavrun via ZDI
3) Luigi Auriemma via ZDI
8) CHkr_D591 via ZDI
10) Alin Rad Pop via ZDI
12) Luigi Auriemma via ZDI and an anonymous person via ZDI
13) Damian Put via ZDI
14) Tom Gallagher and Paul Bates, Microsoft via ZDI
15) Rodrigo Rubira Branco, Qualys Vulnerability & Malware Research Labs (VMRL)
16) Tielei Wang, Georgia Tech Information Security Center via Secunia

Original Advisory
Apple (APPLE-SA-2012-05-15-1):
http://lists.apple.com/archives/security-announce/2012/May/msg00005.html

Rodrigo Rubira Branco:
http://archives.neohapsis.com/archives/fulldisclosure/2012-05/0116.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-075/
http://www.zerodayinitiative.com/advisories/ZDI-12-077/
http://www.zerodayinitiative.com/advisories/ZDI-12-078/
http://www.zerodayinitiative.com/advisories/ZDI-12-079/
http://www.zerodayinitiative.com/advisories/ZDI-12-095/
http://www.zerodayinitiative.com/advisories/ZDI-12-105/
http://www.zerodayinitiative.com/advisories/ZDI-12-107/
http://www.zerodayinitiative.com/advisories/ZDI-12-108/
http://www.zerodayinitiative.com/advisories/ZDI-12-109/
http://www.zerodayinitiative.com/advisories/ZDI-12-125/
http://www.zerodayinitiative.com/advisories/ZDI-12-153/

© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144