SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Apple QuickTime Vendors:   Apple
QuickTime Heap Overflow in Processing PICT Images Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020215
SecurityTracker URL:  http://securitytracker.com/id/1020215
CVE Reference:   CVE-2008-1583   (Links to External Site)
Date:  Jun 10 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.5
Description:   A vulnerability was reported in QuickTime in the processing of PICT image files. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted PICT image file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Liam O Murchu of Symantec reported this vulnerability.

Impact:   A remote user can create a PICT image file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Apple has issued a fixed version (7.5), available from the Software Update application, or from the QuickTime Downloads site at:

http://www.apple.com/quicktime/download/

For Mac OS X v10.5 or later
The download file is named: "QuickTime75_Leopard.dmg"
Its SHA-1 digest is: 207c4dcc6a6adc8e600598db3ce036c40a3926f6

For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named: "QuickTime75_Tiger.dmg"
Its SHA-1 digest is: 5b89879be97d93e6560f95fb5000fcb0a33fbcaa

For Mac OS X v10.3.9
The download file is named: "QuickTime75_Panther.dmg"
Its SHA-1 digest is: 92dd692563e685ae535b9272c1ef4f3c5bdd0eef

For Windows Vista / XP SP2
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 81d70a503adb132048f744c3ffc0cea487cf2cac

QuickTime with iTunes for Windows XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 8123286fffa53d4ae2c187edccab778fb0f5f34f

Vendor URL:  www.apple.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2008-06-09 QuickTime 7.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-06-09 QuickTime 7.5

QuickTime 7.5 is now available and addresses the following issues:

QuickTime
CVE-ID:  CVE-2008-1581
Available for:  Windows Vista, XP SP2
Impact:  Opening a maliciously crafted PICT image file may lead to an
unexpected application termination or arbitrary code execution
Description:  An issue in QuickTime's handling of PixData structures
when processing a PICT image may result in a heap buffer overflow.
Opening a maliciously crafted PICT image may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking. This issue does
not affect systems running Mac OS X. Credit to Dyon Balding of
Secunia Research for reporting this issue.

QuickTime
CVE-ID:  CVE-2008-1582
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact:  Opening a maliciously crafted AAC-encoded media content may
lead to an unexpected application termination or arbitrary code
execution
Description:  A memory corruption issue exists in QuickTime's
handling of AAC-encoded media content. Opening a maliciously crafted
media file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of media files. Credit to Dave
Soldera of NGS Software, and Jens Alfke for reporting this issue.

QuickTime
CVE-ID:  CVE-2008-1583
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact:  Opening a maliciously crafted PICT image file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's handling
of PICT images. Opening a maliciously crafted PICT image file may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to Liam O Murchu of Symantec for reporting this
issue.

QuickTime
CVE-ID:  CVE-2008-1584
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact:  Viewing maliciously crafted Indeo video media content may
lead to an unexpected application termination or arbitrary code
execution
Description:  An issue in QuickTime's handling of Indeo video codec
content may result in a stack buffer overflow. Viewing a maliciously
crafted movie file with Indeo video codec content may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by not rendering Indeo video codec
content. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID:  CVE-2008-1585
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact:  Playing maliciously crafted QuickTime content in QuickTime
Player may lead to arbitrary code execution
Description:  A URL handling issue exists in QuickTime's handling of
file: URLs. This may allow arbitrary applications and files to be
launched when a user plays maliciously crafted QuickTime content in
QuickTime Player. This update addresses the issue by revealing files
in Finder or Windows Explorer rather than launching them. Credit to
Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and Petko D.
(pdp) Petkov of GNUCITIZEN working with TippingPoint's Zero Day
Initiative for reporting this issue.

QuickTime 7.5 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

For Mac OS X v10.5 or later
The download file is named:  "QuickTime75_Leopard.dmg"
Its SHA-1 digest is:  207c4dcc6a6adc8e600598db3ce036c40a3926f6

For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named:  "QuickTime75_Tiger.dmg"
Its SHA-1 digest is:  5b89879be97d93e6560f95fb5000fcb0a33fbcaa

For Mac OS X v10.3.9
The download file is named:  "QuickTime75_Panther.dmg"
Its SHA-1 digest is:  92dd692563e685ae535b9272c1ef4f3c5bdd0eef

For Windows Vista / XP SP2
The download file is named:  "QuickTimeInstaller.exe"
Its SHA-1 digest is:  81d70a503adb132048f744c3ffc0cea487cf2cac

QuickTime with iTunes for Windows XP or Vista
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  8123286fffa53d4ae2c187edccab778fb0f5f34f

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608

wsBVAwUBSE3I+HkodeiKZIkBAQiNvggAlLOvEaScjlj0Y4ZOg3bgjXHgmQtMIGFG
iG2/0v9tD0xYTfUD/1Yhu58CJ5wTvhVFx0KuSXb9EUUdEZXpCkvJGqG5W9MK1Kmq
iPE7YIPGHBit2/xG4VE4U2vMh6YPtQUpSqAUhEhWU1a2o5+6C8kG1TUBeTf+hUlK
RoWrlf41YMlmrgqT45ZqeT2SXEtGLgb0qYg6Unroks0pYB25xJUUl87/Q4dNKLOg
N+mxsPvQwI8CY3EsigQGG7BN14jXSl+44fXQyP/Lfljy/YPjUMT/gXk7l+pP+MOI
9x7qrBkEmN54rSDK+UfB/oFaF3Cwa1csKxT+rg82DUcHnQviaxI/zw==
=2/AX
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC