Apple QuickTime Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.
1. A memory corruption issue in QuickTime's handling of Sorenson 3 video files could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted movie file.
2. A memory corruption issue in QuickTime's handling of Macintosh Resource records in movie files could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted movie file.
3. A memory corruption issue in QuickTime's parsing of Image Descriptor (IDSC) atoms could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted movie file.
4. A buffer overflow error in the processing of compressed PICT images could be exploited by a remote attacker to execute arbitrary code by tricking a user into viewing a maliciously crafted PICT image.
Note: These vulnerabilities are different from the one reported in the HKCERT security alert "Apple QuickTime RTSP Response "Reason-Phrase" Buffer Overflow Vulnerability (14 January 2008)".
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Apple QuickTime versions prior to 7.4
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Apple QuickTime version 7.4
http://www.apple.com/support/downloads/
Vulnerability Identifier
Source
Related Link