Skip to main content

Apple QuickTime Multiple Vulnerabilities

Last Update Date: 9 Aug 2011 Release Date: 5 Aug 2011 6491 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

  1. An error within the processing of GIF files can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted GIF file.
  2. Multiple errors within the processing of H.264 files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted file.
  3. An error within the QuickTime ActiveX control when processing QTL files can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious website.
  4. Note: Vulnerabilities #1 through #3 do not affect Mac OS X versions.

  5. An error within the processing of STSC atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
  6. An error within the processing of STSS atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
  7. An error within the processing of STSZ atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
  8. An error within the processing of STTS atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.

Impact

  • Remote Code Execution

System / Technologies affected


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 7.7.

Vulnerability Identifier


Source


Related Link