|
|
>> Apple QuickTime Multiple File Format Handling Remote Command Execution Vulnerabilities
|
Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system.
The first issue is due to an integer overflow error when handling malformed 3GP video files, which could be exploited by attackers to execute arbitrary commands via a malicious web page.
The second flaw is due to a heap overflow error when handling a specially crafted MIDI file, which could be exploited by attackers to execute arbitrary commands by tricking a user into visiting a malicious web site.
The third vulnerability is due to a buffer overflow error when processing malformed QuickTime movies, which could be exploited by attackers to execute arbitrary commands via a malicious web page.
The fourth issue is due to an ineteger overflow error when handling malformed UDTA atoms in movie files, which could be exploited by attackers to execute arbitrary commands by convincing a user to visit a malicious web site.
The fifth issue is due to a heap overflow error when processing malformed PICT files, which could be exploited by attackers to execute arbitrary commands via a malicious web site.
The sixth vulnerability is due to a stack overflow error when handling a specially crafted QTIF file, which could be exploited by attackers to execute arbitrary commands by tricking a user into visiting a malicious web site.
The seventh issue is due to a integer overflow error when processing a malformed QTIF file, which could be exploited by attackers to execute arbitrary commands via a malicious web site.
The eighth vulnerability is due to a heap overflow error when handling a specially crafted QTIF file, which could be exploited by attackers to execute arbitrary commands by convincing a user to visit a malicious web site.
Affected Products
Apple QuickTime version 7.1.4 and prior
Solution
Upgrade to QuickTime version 7.1.5 :
http://www.apple.com/quicktime/download/
References
http://www.vupen.com/english/advisories/2007/0825
http://docs.info.apple.com/article.html?artnum=305149
Credits
Vulnerabilities reported by JJ Reyes, Mike Price (McAfee AVERT Labs), Piotr Bania, Artur Ogloza, Sowhat (Nevis Labs), Zero Day Initiative, Ruben Santamarta and iDefense Labs.
ChangeLog
2007-03-05 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
