Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
(Apple Issues Fix) Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1024831 |
|
SecurityTracker URL: http://securitytracker.com/id/1024831
|
|
CVE Reference:
CVE-2010-3787, CVE-2010-3788, CVE-2010-3789, CVE-2010-3790, CVE-2010-3791, CVE-2010-3792, CVE-2010-3793, CVE-2010-3794, CVE-2010-3795
(Links to External Site)
|
Date: Dec 7 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Multiple vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted image or movie file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted JP2 image can trigger a heap overflow [CVE-2010-3787]. Nils of MWR InfoSecurity reported this vulnerability.
A specially crafted JP2 image can trigger a memory access error [CVE-2010-3788]. Damian Put and Procyun reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted AVI file can trigger a memory corruption error [CVE-2010-3789]. Damian Put reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted movie file can trigger a memory corruption error [CVE-2010-3790]. Honggang Ren of Fortinet's FortiGuard Labs reported this vulnerability.
A specially crafted movie file can trigger a buffer overflow [CVE-2010-3791]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted MPEG encoded movie file can trigger a signedness error [CVE-2010-3792]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted Sorenson encoded movie file can trigger a memory corruption error [CVE-2010-3793]. Carsten Eiram of Secunia Research and also an anonymous researcher (via TippingPoint's Zero Day Initiative) separately reported this vulnerability.
A specially crafted FlashPix image can trigger a memory access error [CVE-2010-3794]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted GIF image can trigger an uninitialized memory access error [CVE-2010-3795]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
Apple has issued a fix (7.6.9), available from the Software Update application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
For Mac OS X v10.5.8
The download file is named: "QuickTime769Leopard.dmg"
Its SHA-1 digest is: b580bfb4a66484f3ca12bcaf6e4adfde57574e20
For Windows 7 / Vista / XP SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 1eec8904f041d9e0ad3459788bdb690e45dbc38e
QuickTime is incorporated into Mac OS X v10.6 and later.
QuickTime 7.6.9 is not presented to systems running
Mac OS X v10.6 or later.
The vendor's advisory is available at:
http://support.apple.com/kb/HT4447
|
Vendor URL: support.apple.com/kb/HT4435 (Links to External Site)
|
Cause:
Access control error, Boundary error
|
Underlying OS:
UNIX (OS X), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 7 Dec 2010 13:51:42 -0800
Subject: APPLE-SA-2010-12-07-1 QuickTime 7.6.9
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-12-07-1 QuickTime 7.6.9
QuickTime 7.6.9 is now available and addresses the following:
QuickTime
CVE-ID: CVE-2010-3787
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of JP2 images. Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to
Nils of MWR InfoSecurity for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3788
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved validation
of JP2 images. For Mac OS X v10.6 systems, this issue is addressed in
Mac OS X v10.6.5. Credit to Damian Put and Procyun, working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3789
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue is in QuickTime's handling of
avi files. Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of avi files. For Mac OS
X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit
to Damian Put working with TippingPoint's Zero Day Initiative for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-3790
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of movie
files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS
X v10.6.5. Credit to Honggang Ren of Fortinet's FortiGuard Labs for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-3791
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
For Mac OS X v10.6 systems, this issue is addressed in Mac OS X
v10.6.5. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3792
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of MPEG
encoded movie files. For Mac OS X v10.6 systems, this issue is
addressed in Mac OS X v10.6.5. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative for reporting this
issue.
QuickTime
CVE-ID: CVE-2010-3793
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of Sorenson encoded movie files. Viewing a maliciously
crafted movie file may lead to an unexpected application termination
or arbitrary code execution. This issue is addressed through improved
validation of Sorenson encoded movie files. For Mac OS X v10.6
systems, this issue is addressed in Mac OS X v10.6.5. Credit to an
anonymous researcher working with TippingPoint's Zero Day Initiative,
and Carsten Eiram of Secunia Research for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3794
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FlashPix image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of FlashPix images. Viewing a maliciously
crafted FlashPix image may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory management. For Mac OS X v10.6 systems, this
issue is addressed in Mac OS X v10.6.5. Credit to an anonymous
researcher working with TippingPoint's Zero Day Initiative for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-3795
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of GIF images. Viewing a maliciously crafted GIF
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved memory
management. For Mac OS X v10.6 systems, this issue is addressed in
Mac OS X v10.6.5. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3800
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of PICT files. Viewing a maliciously crafted PICT file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved validation of
PICT files. Credit to Moritz Jodeit of n.runs AG and Damian Put,
working with TippingPoint's Zero Day Initiative, and Hossein Lotfi
(s0lute), working with VeriSign iDefense Labs for reporting this
issue.
QuickTime
CVE-ID: CVE-2010-3801
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FlashPix image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of FlashPix images. Viewing a maliciously crafted FlashPix
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved memory
management. Credit to Damian Put working with TippingPoint's Zero Day
Initiative, and Rodrigo Rubira Branco from the Check Point
Vulnerability Discovery Team for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3802
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie
files. Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of QTVR movie files.
Credit to an anonymous researcher working with TippingPoint's Zero
Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-1508
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of Track Header (tkhd) atoms. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved bounds
checking. This issue does not affect Mac OS X systems. Credit to
Moritz Jodeit of n.runs AG, working with TippingPoint's Zero Day
Initiative, and Carsten Eiram of Secunia Research for reporting this
issue.
QuickTime
CVE-ID: CVE-2010-0530
Available for: Windows 7, Vista, XP SP2 or later
Impact: A local user may have access to sensitive information
Description: A filesystem permission issue exists in QuickTime. This
may allow a local user to access the contents of the "Apple Computer"
directory in the user's profile, which may lead to the disclosure of
sensitive information. This issue is addressed through improved
filesystem permissions. This issue does not affect Mac OS X systems.
Credit to Geoff Strickler of On-Line Transaction Consultants for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-4009
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in QuickTime's handling of
movie files. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to
Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.
QuickTime 7.6.9 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
For Mac OS X v10.5.8
The download file is named: "QuickTime769Leopard.dmg"
Its SHA-1 digest is: b580bfb4a66484f3ca12bcaf6e4adfde57574e20
For Windows 7 / Vista / XP SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 1eec8904f041d9e0ad3459788bdb690e45dbc38e
QuickTime is incorporated into Mac OS X v10.6 and later.
QuickTime 7.6.9 is not presented to systems running
Mac OS X v10.6 or later.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJM/ngJAAoJEGnF2JsdZQeecgIH/R889Ok7p9zwT45UOAURIQiC
PpJ93YkOFJrSZGw4n0VkaQDVyzpKxC8qjoq/RyDytTCkie48XojjSKujacCiYeXr
40lHoR2QnDdlsrQG39l0cNcqmTA9r970DNpQc2KOmzkmJBdY/Z9afelTKDKdaXaD
67/9kWRhexsn+1yBR73MAc5e0RlDCX1CbkRd+tmMpx9viOZL+4nuLXRjSci+qAgQ
FncCPFh/tSH1QFo3/Pa88VoCFqt8hAdBZRKnPQa/dxzZYDYwEASrGrxnlgj1QqZs
sJP92Bwj6D9U/xaj2XoVpjzcy4iM7YqN8trac70YC7v/ID3kigEq9eOQ9AtpxvM=
=NQ1W
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/gst%40securitytracker.com
This email sent to gst@securitytracker.com
|
|
Go to the Top of This SecurityTracker Archive Page
|
