| Secunia ID | SA47447 |
| CVE-ID | CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2012-0265, CVE-2012-0658, CVE-2012-0659, CVE-2012-0660, CVE-2012-0661, CVE-2012-0663, CVE-2012-0664, CVE-2012-0665, CVE-2012-0666, CVE-2012-0667, CVE-2012-0668, CVE-2012-0669, CVE-2012-0670, CVE-2012-0671 |
| Release Date | 16 May 2012 |
| Last Change | 23 Aug 2012 |
| Criticality | |
| Solution Status | Vendor Patch |
| Software | Apple QuickTime 7.x |
| Where | |
| Impact | System access: This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system.

1) Boundary errors within QuickTime3GPP.qtx when handling various XML element attributes can be exploited to cause stack-based buffer overflows via a specially crafted TeXML file.

2) A boundary error within the handling of Text Track Descriptors can be exploited to cause a heap-based buffer overflow.

3) Insufficient validation when parsing H.264 encoded movie files can be exploited to cause a heap-based buffer overflow when the "pic_width_in_mbs_minus_1" and "pic_height_in_map_units_minus_1" values in the AVCC header data differ from the actual picture dimensions.

4) An error exists within the parsing of MP4 encoded files. For more information see vulnerability #26 in:

5) An off-by-one error can be exploited to cause a single byte buffer overflow. For more information see vulnerability #28 in:

6) An error when handling audio samples can be exploited to cause a buffer overflow. For more information see vulnerability #8 in:

7) An integer overflow error exists within the handling of MPEG files. For more information see vulnerability #9 in:

8) An error in Quicktime.qts within the plugin's handling of QTMovie objects can be exploited to cause a stack-based buffer overflow.

9) An error when parsing the MediaVideo header in videos encoded with the PNG format can be exploited to cause a buffer overflow. For more information see vulnerability #30 in:

10) A signedness error in QuickTimeVR.qtx when parsing a QTVRStringAtom with an overly large "stringLength" value can be exploited to cause a stack-based buffer overflow via a specially crafted QTVR movie file.

11) A use-after-free error exists when handling JPEG2000 encoded movie files. For more information see vulnerability #11 in:

12) An error within the decompression of RLE encoded movie files can be exploited to cause a buffer overflow.

13) An error when using the "mb_skip_run" value within a Sorenson v3 encoded movie file as a loop counter to write data can be exploited to cause a heap-based buffer overflow.

14) An integer overflow error in Quicktime.qts when handling 'sean' atoms can be exploited to execute arbitrary code.

15) An error within the DllMain module when parsing .pict files can be exploited to corrupt memory.

16) A boundary error in QuickTime.qts when extending a file path based on its short path form can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted file path. Successful exploitation of this vulnerability requires that a user is e.g. tricked into opening a file in a specially crafted path.

17) An error when handling MPEG files can be exploited to cause a buffer underflow. For more information see vulnerability #10 in:

The vulnerabilities are reported in versions prior to 7.7.2. |
| Solution | Update to version 7.7.2. |
| Reported by | 1, 2) Alexander Gavrun via ZDI |
| Original Advisory | Apple (APPLE-SA-2012-05-15-1): Rodrigo Rubira Branco: ZDI: |
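
The class of bug described in item 10 (a length field treated as signed before a bounds check), shown as an added example that is not QuickTime's or the advisory's own code. The atom layout (16-bit usage, 16-bit `stringLength`, then the string bytes, big-endian), the buffer size, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* destination size, chosen for this example */

/* Constructed samples. Assumed layout: u16 usage, u16 stringLength, bytes. */
const uint8_t SAMPLE_OK[]  = {0x00, 0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
const uint8_t SAMPLE_BAD[] = {0x00, 0x01, 0xFF, 0xFF, 'A', 'A', 'A', 'A'};
char out_buf[NAME_BUF];

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Flawed predicate: the length is stored in a signed 16-bit variable, so
 * 0x8000..0xFFFF turn negative (on two's-complement targets) and pass the
 * upper-bound test. Returns 1 if the copy would be allowed to proceed. */
int flawed_check_accepts(const uint8_t *atom, size_t atom_len)
{
    if (atom_len < 4) return 0;
    int16_t len = (int16_t)be16(atom + 2);
    return len < NAME_BUF; /* -1 < 64 is true */
}

/* Size a following memcpy(dst, src, len) would receive: the negative
 * value converts to a huge size_t. No copy is performed here. */
size_t flawed_copy_size(const uint8_t *atom)
{
    return (size_t)(int16_t)be16(atom + 2);
}

/* Hardened: keep the length unsigned and bound it against both the
 * destination and the bytes actually present. Returns length or -1. */
int copy_string_checked(const uint8_t *atom, size_t atom_len, char dst[NAME_BUF])
{
    if (atom_len < 4) return -1;
    size_t len = be16(atom + 2);
    if (len >= NAME_BUF) return -1;    /* keep room for the terminator */
    if (len > atom_len - 4) return -1; /* declared length exceeds input */
    memcpy(dst, atom + 4, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    printf("flawed check accepts: %d\n", flawed_check_accepts(SAMPLE_BAD, sizeof SAMPLE_BAD));
    printf("checked copy result: %d\n", copy_string_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, out_buf));
    return 0;
}
```

The second check in `copy_string_checked` matters as much as the first: a length that fits the destination can still exceed the bytes the file actually supplies.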