Apple QuickTime File Processing Remote Code Execution Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system. These issues are caused by memory corruption, heap overflow, sign extension, and uninitialized memory access errors when processing specially crafted Sorenson 3 video files, FLC compression files, compressed PSD images, PICT images, Clipping Region (CRGN) atom types in a movie file, MS ADPCM encoded audio data, image description atoms, movie files or JP2 images, which could be exploited by remote attackers to crash an affected application or execute malicious code by tricking a user into visiting a specially crafted web page or opening a malformed file.
Impact
- Remote Code Execution
System / Technologies affected
- Apple QuickTime versions prior to 7.6.2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Apple QuickTime version 7.6.2 :
http://www.apple.com/quicktime/download/
Vulnerability Identifier
- CVE-2009-0185
- CVE-2009-0188
- CVE-2009-0951
- CVE-2009-0952
- CVE-2009-0953
- CVE-2009-0954
- CVE-2009-0955
- CVE-2009-0956
- CVE-2009-0957
Source
Related Link
Share with