|
|
|
>> Apple QuickTime File Processing Remote Code Execution Vulnerabilities
|
Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system. These issues are caused by memory corruption, heap overflow, sign extension, and uninitialized memory access errors when processing specially crafted Sorenson 3 video files, FLC compression files, compressed PSD images, PICT images, Clipping Region (CRGN) atom types in a movie file, MS ADPCM encoded audio data, image description atoms, movie files or JP2 images, which could be exploited by remote attackers to crash an affected application or execute malicious code by tricking a user into visiting a specially crafted web page or opening a malformed file.
Affected Products
Apple QuickTime versions prior to 7.6.2
Solution
Upgrade to Apple QuickTime version 7.6.2 :
http://www.apple.com/quicktime/download/
References
http://www.vupen.com/english/advisories/2009/1469
http://support.apple.com/kb/HT3591
Credits
Vulnerabilities reported by Carsten Eiram (Secunia Research), ZDI, Damian Put via ZDI, Sebastian Apelt via ZDI, Alin Rad Pop (Secunia Research), Roee Hay (IBM Rational Application Security Research Group), Lurene Grenier (Sourcefire),Charlie Miller (Independent Security Evaluators) and Damian Put via ZDI.
ChangeLog
2009-06-02 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
 |
