Secunia Advisory: SA24359
Release Date: 2007-03-06
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x
CVE reference: CVE-2007-0711 (Secunia mirror)
CVE-2007-0712 (Secunia mirror)
CVE-2007-0713 (Secunia mirror)
CVE-2007-0714 (Secunia mirror)
CVE-2007-0715 (Secunia mirror)
CVE-2007-0716 (Secunia mirror)
CVE-2007-0717 (Secunia mirror)
CVE-2007-0718 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
NOTE: This does not affect QuickTime on Mac OS X.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the processing of UDTA atom size values in movie files, which can be exploited to corrupt heap memory.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to version 7.1.5.
Bollettino di Sicurezza
Release Date: 2007-03-06
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x
CVE reference: CVE-2007-0711 (Secunia mirror)
CVE-2007-0712 (Secunia mirror)
CVE-2007-0713 (Secunia mirror)
CVE-2007-0714 (Secunia mirror)
CVE-2007-0715 (Secunia mirror)
CVE-2007-0716 (Secunia mirror)
CVE-2007-0717 (Secunia mirror)
CVE-2007-0718 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
1) An integer overflow error exists in the handling of 3GP video files.
NOTE: This does not affect QuickTime on Mac OS X.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the processing of UDTA atom size values in movie files, which can be exploited to corrupt heap memory.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to version 7.1.5.
Bollettino di Sicurezza
