QuickTime Multiple Image/Media File Handling Vulnerabilities

ERCOLINO

Secunia Advisory: SA18370
Release Date: 2006-01-11

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

Software: Apple QuickTime 7.x

CVE reference: CVE-2005-2340
CVE-2005-3707
CVE-2005-3708
CVE-2005-3709
CVE-2005-3710
CVE-2005-3711
CVE-2005-3713
CVE-2005-4092

Description:
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

1) A boundary error in the handling of QTIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious QTIF image is viewed.

2) Some boundary and integer overflow/underflow errors in the handling of TGA images can be exploited to cause a buffer overflow. This may allow arbitrary code execution when a malicious TGA image is viewed.

3) An integer overflow error exists in the handling of TIFF images. This can potentially be exploited to execute arbitrary code when a malicious TIFF image is viewed.

4) A boundary error in the handling of GIF images can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious GIF image is viewed.

5) A boundary error in the handling of certain media files can be exploited to cause a heap-based buffer overflow. This may allow arbitrary code execution when a malicious media file is viewed.

The vulnerabilities affect both the Mac OS X and the Windows platforms.

Solution:
Update to version 7.0.4.

Mac OS X (version 10.3.9 or later):
http://www.apple.com/support/downloads/quicktime704.html

Windows 2000/XP:
http://www.apple.com/quicktime/download/win.html


Secunia
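
Added example, not part of the advisory and not QuickTime code: the general class of bug named in item 2 (an integer overflow when sizing a pixel buffer from TGA header fields), shown next to a checked version. The advisory gives no details of the actual flaws; the function names, the constructed headers and the 64 MiB limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 18-byte TGA headers: width at offset 12, height at 14
 * (both little-endian 16-bit), pixel depth in bits at offset 16. */
static const uint8_t wrap_hdr[18] = {  /* 32768 x 32768 at 32 bpp */
    0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x80, 0x00, 0x80, 32, 0 };
static const uint8_t ok_hdr[18] = {    /* 4 x 4 at 32 bpp */
    0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x04, 0x00, 0x04, 0x00, 32, 0 };

static uint16_t rd16le(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Unsafe pattern: the product is computed in 32 bits and wraps silently,
 * so a huge image can yield a tiny (here zero) allocation size. */
uint32_t tga_size_unchecked(const uint8_t hdr[18]) {
    uint32_t w = rd16le(hdr + 12), h = rd16le(hdr + 14);
    uint32_t bytes_per_px = hdr[16] / 8u;
    return w * h * bytes_per_px;
}

/* Checked pattern: validate fields, compute in 64 bits, enforce a limit.
 * Returns 0 and stores the size in *out, or -1 if the header is rejected. */
int tga_size_checked(const uint8_t hdr[18], size_t max_bytes, size_t *out) {
    uint64_t w = rd16le(hdr + 12), h = rd16le(hdr + 14);
    unsigned depth = hdr[16];
    if (w == 0 || h == 0)
        return -1;
    if (depth != 8 && depth != 16 && depth != 24 && depth != 32)
        return -1;
    /* At most 65535 * 65535 * 4, which cannot overflow 64 bits. */
    uint64_t total = w * h * (depth / 8u);
    if (total > max_bytes)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void) {
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)tga_size_unchecked(wrap_hdr));
    printf("checked result: %s\n",
           tga_size_checked(wrap_hdr, 64u << 20, &n) ? "rejected" : "accepted");
    return 0;
}
```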