TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17428 VERIFY ADVISORY: http://secunia.com/advisories/17428/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ Apple Quicktime 6.x http://secunia.com/product/810/ DESCRIPTION: Piotr Bania has reported some vulnerabilities in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. 1) An integer overflow error exists in the handling of a "Pascal" style string when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file. 2) An integer overflow error exists in the handling of certain movie attributes when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file. 3) A NULL pointer dereferencing error exists when handling certain missing movie attributes from a video file. This may be exploited to crash an application that uses QuickTime when a specially crafted video file is loaded. 4) A boundary error exists in the QuickTime PictureViewer when decompressing PICT data. This may be exploited to cause a memory overwrite, potentially allowing arbitrary code execution via a specially crafted PICT picture file. The vulnerabilities have been reported in the following versions: * QuickTime version 6.5.2 and 7.0.1 for Mac OS X. * QuickTime versions 7.x prior to 7.0.3 for Windows. Prior versions may also be affected. SOLUTION: Update to version 7.0.3. http://www.apple.com/support/downloads/quicktime703.html PROVIDED AND/OR DISCOVERED BY: Piotr Bania ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=302772 Piotr Bania: http://pb.specialised.info/all/adv/quicktime-mov-io1-adv.txt http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt http://pb.specialised.info/all/adv/quicktime-pict-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------