
Apple QuickTime Multiple Vulnerabilities

Last Update Date: 28 Jan 2011

Release Date: 16 Jan 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.

1. A memory corruption issue in QuickTime's handling of Sorenson 3 video files could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted movie file.

2. A memory corruption issue in QuickTime's handling of Macintosh Resource records in movie files could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted movie file.

3. A memory corruption issue in QuickTime's parsing of Image Descriptor (IDSC) atoms could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted movie file.

4. A buffer overflow error while processing a compressed PICT image could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted PICT image.

Note: These vulnerabilities are different from the one reported in the HKCERT security alert "Apple QuickTime RTSP Response "Reason-Phrase" Buffer Overflow Vulnerability (14 January 2008)".


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Apple QuickTime versions prior to 7.4

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link