You are here

U-022: Apple QuickTime Multiple Vulnerabilities

October 28, 2011 - 8:15am

Addthis

PROBLEM:

Apple QuickTime Multiple Vulnerabilities.

PLATFORM:

Apple QuickTime prior to 7.7.1

ABSTRACT:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

reference LINKS:

Apple Product Security Article: HT5016
Secunia Advisory SA46618
SecurityTracker Alert ID: 1026251
CVE-2011-3218, CVE-2011-3219, CVE-2011-3220
CVE-2011-3221, CVE-2011-3222, CVE-2011-3223
CVE-2011-3228, CVE-2011-3247, CVE-2011-3248
CVE-2011-3249, CVE-2011-3250, CVE-2011-3251

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

1) An integer overflow error when handling PICT files can be exploited via a specially crafted .pict file.
2) A signedness error when handling font tables within QuickTime movie files can be exploited via a specially crafted movie file.
3) An unspecified error when handling FLC encoded movie files can be exploited to cause a buffer overflow via a specially crafted movie file.
4) An integer overflow error when handling JPEG2000 encoded movie files can be exploited via a specially crafted movie file.
5) An error when handling TKHD atoms within QuickTime movie files can be exploited to cause a memory corruption via a specially crafted movie file.
Note: The vulnerabilities #1 and #5 do not affect Mac OS X versions.

Impact:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

Update to or QuickTime 7.7.1.

 

Addthis