Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1024729
SecurityTracker URL: http://securitytracker.com/id/1024729
CVE Reference: CVE-2010-3787, CVE-2010-3788, CVE-2010-3789, CVE-2010-3790, CVE-2010-3791, CVE-2010-3792, CVE-2010-3793, CVE-2010-3794, CVE-2010-3795
Date: Nov 11 2010
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Description:
Multiple vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted image or movie file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted JP2 image can trigger a heap overflow [CVE-2010-3787]. Nils of MWR InfoSecurity reported this vulnerability.
A specially crafted JP2 image can trigger a memory access error [CVE-2010-3788]. Damian Put and Procyun reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted AVI file can trigger a memory corruption error [CVE-2010-3789]. Damian Put reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted movie file can trigger a memory corruption error [CVE-2010-3790]. Honggang Ren of Fortinet's FortiGuard Labs reported this vulnerability.
A specially crafted movie file can trigger a buffer overflow [CVE-2010-3791]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted MPEG encoded movie file can trigger a signedness error [CVE-2010-3792]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted Sorenson encoded movie file can trigger a memory corruption error [CVE-2010-3793]. Carsten Eiram of Secunia Research and also an anonymous researcher (via TippingPoint's Zero Day Initiative) separately reported this vulnerability.
A specially crafted FlashPix image can trigger a memory access error [CVE-2010-3794]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted GIF image can trigger an uninitialized memory access error [CVE-2010-3795]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
Apple has issued a fix as part of Mac OS X v10.6.5 and Security Update 2010-007, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2010-007 or Mac OS X v10.6.5.
For Mac OS X v10.6.4
The download file is named: MacOSXUpd10.6.5.dmg
Its SHA-1 digest is: ccd856d0672394fd80c6873a8f43c6739708b44f
For Mac OS X v10.6 - v10.6.3
The download file is named: MacOSXUpdCombo10.6.5.dmg
Its SHA-1 digest is: add336a1af1c3914887d2217fbbc98b18e6fb57c
For Mac OS X Server v10.6.4
The download file is named: MacOSXServerUpd10.6.5.dmg
Its SHA-1 digest is: fc1158e9e526e387cd37d6ecea76ae1ecc284eeb
For Mac OS X Server v10.6 - v10.6.3
The download file is named: MacOSXServUpdCombo10.6.5.dmg
Its SHA-1 digest is: 1317084400ea9b11f44d30cf3723ce991346b360
The vendor's advisory is available at:
http://support.apple.com/kb/HT4435
Vendor URL: support.apple.com/kb/HT4435
Cause: Access control error, Boundary error
Underlying OS: UNIX (OS X)
Source Message Contents
Date: Thu, 11 Nov 2010 07:23:26 +0000
Subject: Apple Quicktime
APPLE-SA-2010-11-10-1 Mac OS X v10.6.5 and Security Update 2010-007
QuickTime
CVE-ID: CVE-2010-3787
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of JP2 images. Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Nils
of MWR InfoSecurity for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3788
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved validation
of JP2 images. Credit to Damian Put and Procyun, working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3789
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue is in QuickTime's handling of
avi files. Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of avi files. Credit to
Damian Put working with TippingPoint's Zero Day Initiative for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-3790
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of movie
files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-3791
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
Credit to an anonymous researcher working with TippingPoint's Zero
Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3792
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of MPEG
encoded movie files. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3793
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of
Sorenson encoded movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved validation
of Sorenson encoded movie files. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative and Carsten Eiram of
Secunia Research for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3794
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted FlashPix image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of FlashPix images. Viewing a maliciously
crafted FlashPix image may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory management. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative for reporting this
issue.
QuickTime
CVE-ID: CVE-2010-3795
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of GIF images. Viewing a maliciously crafted GIF
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved memory
management. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.