Apple QuickTime Multiple Vulnerabilities
Last Update Date:
9 Aug 2011
Release Date:
5 Aug 2011
6491
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
- An error within the processing of GIF files can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted GIF file.
- Multiple errors within the processing of H.264 files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted file.
- An error within the QuickTime ActiveX control when processing QTL files can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious website.
- An error within the processing of STSC atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
- An error within the processing of STSS atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
- An error within the processing of STSZ atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
- An error within the processing of STTS atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
Note: Vulnerabilities #1 through #3 do not affect Mac OS X versions.
Impact
- Remote Code Execution
System / Technologies affected
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 7.7.
Vulnerability Identifier
- CVE-2011-0186
- CVE-2011-0187
- CVE-2011-0209
- CVE-2011-0210
- CVE-2011-0211
- CVE-2011-0213
- CVE-2011-0245
- CVE-2011-0246
- CVE-2011-0247
- CVE-2011-0248
- CVE-2011-0249
- CVE-2011-0250
- CVE-2011-0251
- CVE-2011-0252
Source
Related Link
Share with