Secunia Advisory: SA29293
Release Date: 2008-06-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x
CVE reference:
CVE-2008-1581 (Secunia mirror)
CVE-2008-1582 (Secunia mirror)
CVE-2008-1583 (Secunia mirror)
CVE-2008-1584 (Secunia mirror)
CVE-2008-1585 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when parsing packed scanlines from a PixData structure in a PICT file can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
2) An error in the processing of AAC-encoded media content can be exploited to cause a memory corruption via a specially crafted media file.
3) A boundary error in the processing of PICT files can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
4) A boundary error in the processing of Indeo video codec content can be exploited to cause a stack-based buffer overflow via a specially crafted movie file with Indeo video codec content.
5) An error in the handling of "file:" URLs can be exploited to e.g. execute arbitrary programs when playing specially crafted QuickTIme content in QuickTime Player.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Solution:
Update to version 7.5 (via Software Update or Apple Downloads. See vendor's advisory for details).
Bollettino di Sicurezza
Aggiornate Quick Time
Release Date: 2008-06-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x
CVE reference:
CVE-2008-1581 (Secunia mirror)
CVE-2008-1582 (Secunia mirror)
CVE-2008-1583 (Secunia mirror)
CVE-2008-1584 (Secunia mirror)
CVE-2008-1585 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when parsing packed scanlines from a PixData structure in a PICT file can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
2) An error in the processing of AAC-encoded media content can be exploited to cause a memory corruption via a specially crafted media file.
3) A boundary error in the processing of PICT files can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
4) A boundary error in the processing of Indeo video codec content can be exploited to cause a stack-based buffer overflow via a specially crafted movie file with Indeo video codec content.
5) An error in the handling of "file:" URLs can be exploited to e.g. execute arbitrary programs when playing specially crafted QuickTIme content in QuickTime Player.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Solution:
Update to version 7.5 (via Software Update or Apple Downloads. See vendor's advisory for details).
Bollettino di Sicurezza
Aggiornate Quick Time