English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Apple QuickTime Multiple Vulnerabilities


Secunia ID

SA51226

CVE-ID

CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758

Release Date

08 Nov 2012

Last Change

19 Dec 2012

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Apple QuickTime 7.x

Where

From remote

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow.

2) An error when processing a PICT file can be exploited to corrupt memory.

3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object.

4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file.

5) Some errors when processing TeXML files can be exploited to cause a buffer overflows.

6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow.

7) A use-after-free error exists in the ActiveX control when handling "Clear()" method.

8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow.

9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow.

The vulnerabilities are reported in versions prior to 7.7.3.

Solution

Update to version 7.7.3.

Reported by

2) Jeremy Brown, Microsoft

The vendor credits:
1) Mark Yason, IBM X-Force
3, 7) chkr_d591 via iDefense VCP
4) Alexander Gavrun via ZDI
5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs
6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs
8) Senator of Pirates
9) Kevin Szkudlapski, QuarksLab

Original Advisory

Apple:
http://support.apple.com/kb/HT5581

Microsoft:
http://technet.microsoft.com/en-us/security/msvr/msvr12-021