Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow.
2) An error when processing a PICT file can be exploited to corrupt memory.
3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object.
4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file.
5) Some errors when processing TeXML files can be exploited to cause buffer overflows.
6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow.
7) A use-after-free error exists in the ActiveX control when handling the "Clear()" method.
8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow.
9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow.
The vulnerabilities are reported in versions prior to 7.7.3.
Solution: Update to version 7.7.3.
Provided and/or discovered by: 2) Jeremy Brown, Microsoft
The vendor credits:
1) Mark Yason, IBM X-Force
3, 7) chkr_d591 via iDefense VCP
4) Alexander Gavrun via ZDI
5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs
6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs
8) Senator of Pirates
9) Kevin Szkudlapski, QuarksLab
Original Advisory: Apple: