SecurityTracker.com Archives - QuickTime Heap Overflow in Processing PICT Image Error Messages Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Multimedia) > QuickTime

Vendors: Apple Computer

QuickTime Heap Overflow in Processing PICT Image Error Messages Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1019764

SecurityTracker URL: http://securitytracker.com/id?1019764

CVE Reference: CVE-2008-1020 (Links to External Site)

Date: Apr 3 2008

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Apple Security Advisory

Version(s): prior to 7.4.5

Description: A vulnerability was reported in QuickTime in the processing of error messages associated with PICT images. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted PICT file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Mac OS X systems are not affected.

Ruben Santamarta of Reversemode.com reported this vulnerability via TippingPoint.

Impact: A remote user can create a PICT image that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued a fixed version (7.4.5), available from the Software Update application, or from the Apple Downloads site at:

http://www.apple.com/support/downloa ds/

For Mac OS X v10.5 or later
The download file is named: "QuickTime745Leopard.dmg"
Its SHA-1 digest is: 764ec0031f18ef999a95c6b20f417f8d2c05a10f

For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named: "QuickTime745Tiger.dmg"
Its SHA-1 digest is: 60c9b3e205e4995324dc53b2a4500318fc994e6b

For Mac OS X v10.3.9
The download file is named: "QuickTime745Panther.dmg"
Its SHA-1 digest is: 2b3230fbb4dcd1436bf8856b87281915a654f821

For Windows Vista / XP SP2
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 4e507f48610f9a65be18b2c37ceead18da2d4c03

QuickTime with iTunes for Windows XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: ff2a3c234d164f30f8b1d05297a49a55f3f4e8c0

The vendor's advisory is available at:

http://support.apple.com/kb/HT1232

Vendor URL: support.apple.com/kb/HT1232 (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Vista), Windows (XP)

Reported By: Apple Product Security <product-security-noreply@lists.apple.com>

Message History: None.

Source Message Contents

 

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC