Skip to main content

Apple QuickTime Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 9 Dec 2010 5845 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by local attackers to gain knowledge of sensitive information or by remote attackers to execute arbitrary code.

1. Due to a heap overflow error when processing JP2 images, which could be exploited to compromise a vulnerable system via a malicious image or web page.

2. Due to an uninitialized memory access when processing JP2 images, which could be exploited to execute arbitrary code via a malicious image or web page.

3. Due to a memory corruption error when handling AVI files, which could be exploited to compromise a vulnerable system via a malicious video or web page.

4. Due to a memory corruption error when handling movie files, which could be exploited to compromise a vulnerable system via a malicious video or web page.

5. Due to a buffer overflow error when processing MPEG encoded movie files, which could be exploited to execute arbitrary code via a malicious video or web page.

6. Due to a signedness error when processing MPEG encoded movie files, which could be exploited to execute arbitrary code via a malicious video or web page.

7. Due to a memory corruption error when processing Sorenson encoded movie files, which could be exploited to execute arbitrary code via a malicious video or web page.

8. Due to an uninitialized memory access when processing FlashPix images, which could be exploited to execute arbitrary code via a malicious image or web page.

9. Due to an uninitialized memory access when processing GIF images, which could be exploited to execute arbitrary code via a malicious image or web page.

10. Due to a memory corruption error when handling PICT files, which could be exploited to execute arbitrary code via a malicious image or web page.

11. Due to a memory corruption error when handling FlashPix files, which could be exploited to execute arbitrary code via a malicious image or web page.

12. Due to a memory corruption error when processing panorama atoms in QTVR (QuickTime Virtual Reality) movie files, which could be exploited to execute arbitrary code via a malicious video or web page.

13. Due to a heap overflow error when processing Track Header (tkhd) atoms, which could be exploited to execute arbitrary code via a malicious video or web page.

14. Due to an access validation error, which could allow a local user to access the contents of the "Apple Computer" directory in the user's profile.

15. Due to an integer overflow error when processing movie files, which could be exploited to execute arbitrary code via a malicious video or web page.


Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apple QuickTime versions prior to 7.6.9

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link