[PCWorks] Apple QuickTime Multiple Vulnerabilities

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Fri, 5 Aug 2011 04:39:26 -0500

TITLE:
Apple QuickTime Multiple Vulnerabilities

Criticality level:   Highly critical
Impact:   System access
Where:   From remote

Software:  Apple QuickTime 7.x

SECUNIA ADVISORY ID:
http://secunia.com/advisories/45516/

DESCRIPTION:
Multiple vulnerabilities have been reported in Apple QuickTime, which
can be exploited by malicious people to compromise a user's system.

For more information:
http://secunia.com/SA43814/
http://secunia.com/SA45054/

1) An error within the processing of GIF files can be exploited to
cause a heap-based buffer overflow by tricking a user into opening a
specially crafted GIF file.

2) Multiple errors within the processing of H.264 files can be
exploited to cause stack-based buffer overflows by tricking a user
into opening a specially crafted file.

3) An error within the QuickTime ActiveX control when processing QTL
files can be exploited to cause a stack-based buffer overflow by
tricking a user into visiting a malicious website.

Note: Vulnerabilities #1 through #3 do not affect Mac OS X versions.

4) An error within the processing of STSC atoms in QuickTime movie
files can be exploited to cause a heap-based buffer overflow by
tricking a user into opening specially crafted QuickTime movie
files.

5) An error within the processing of STSS atoms in QuickTime movie
files can be exploited to cause a heap-based buffer overflow by
tricking a user into opening specially crafted QuickTime movie
files.

6) An error within the processing of STSZ atoms in QuickTime movie
files can be exploited to cause a heap-based buffer overflow by
tricking a user into opening specially crafted QuickTime movie
files.

7) An error within the processing of STTS atoms in QuickTime movie
files can be exploited to cause a heap-based buffer overflow by
tricking a user into opening specially crafted QuickTime movie
files.

SOLUTION:
Update to version 7.7.

ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4826

