PROBLEM:
Apple QuickTime Multiple Vulnerabilities.
PLATFORM:
Apple QuickTime prior to 7.7.1
ABSTRACT:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
reference LINKS:
Apple Product Security Article: HT5016
Secunia Advisory SA46618
SecurityTracker Alert ID: 1026251
CVE-2011-3218, CVE-2011-3219, CVE-2011-3220
CVE-2011-3221, CVE-2011-3222, CVE-2011-3223
CVE-2011-3228, CVE-2011-3247, CVE-2011-3248
CVE-2011-3249, CVE-2011-3250, CVE-2011-3251
IMPACT ASSESSMENT:
High
Discussion:
Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.
1) An integer overflow error when handling PICT files can be exploited via a specially crafted .pict file.
2) A signedness error when handling font tables within QuickTime movie files can be exploited via a specially crafted movie file.
3) An unspecified error when handling FLC encoded movie files can be exploited to cause a buffer overflow via a specially crafted movie file.
4) An integer overflow error when handling JPEG2000 encoded movie files can be exploited via a specially crafted movie file.
5) An error when handling TKHD atoms within QuickTime movie files can be exploited to cause a memory corruption via a specially crafted movie file.
Note: The vulnerabilities #1 and #5 do not affect Mac OS X versions.
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
Update to or QuickTime 7.7.1.