|
|
>> Apple QuickTime Multiple File Handling Code Execution Vulnerabilities
|
Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to disclose sensitive information or take complete control of an affected system. These issues are caused by memory corruption and implementation errors when processing specially crafted Java applets, data reference atoms, movie media tracks, movie files with Animation codec, "crgn" and "chan" atoms, records, Clip opcode and error messages within PICT images, and "obji" atoms in VR movie files, which could be exploited by remote attackers to gain knowledge of sensitive information or execute arbitrary code by tricking a user into visiting a malicious web page.
Affected Products
Apple QuickTime versions prior to 7.4.5
Solution
Upgrade to Apple QuickTime 7.4.5 for Windows :
http://www.apple.com/support/downloads/quicktime745forwindows.html
Upgrade to Apple QuickTime 7.4.5 for Leopard :
http://www.apple.com/support/downloads/quicktime745forleopard.html
Upgrade to Apple QuickTime 7.4.5 for Panther :
http://www.apple.com/support/downloads/quicktime745forpanther.html
Upgrade to Apple QuickTime 7.4.5 for Tiger :
http://www.apple.com/support/downloads/quicktime745fortiger.html
References
http://www.vupen.com/english/advisories/2008/1078
http://support.apple.com/kb/HT1241
Credits
Vulnerabilities reported by Adam Gowdiak, Jorge Escala (Open Tech Solutions), Vinoo Thomas and Rahul Mohandas (McAfee Avert Labs), Chris Ries (Carnegie Mellon University Computing Services), Sanbin Li, bugfree, Zero Day Initiative, Ruben Santamarta (Reversemode), and Wei Wang (McAfee AVERT labs).
ChangeLog
2008-04-03 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
