Apple QuickTime Multiple Vulnerabilities
Last Update Date:
28 Oct 2011 15:00
Release Date:
28 Oct 2011
5740
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.
- An integer overflow error when handling PICT files can be exploited via a specially crafted .pict file.
- A signedness error when handling font tables within QuickTime movie files can be exploited via a specially crafted movie file.
- An unspecified error when handling FLC encoded movie files can be exploited to cause a buffer overflow via a specially crafted movie file.
- An integer overflow error when handling JPEG2000 encoded movie files can be exploited via a specially crafted movie file.
- An error when handling TKHD atoms within QuickTime movie files can be exploited to cause a memory corruption via a specially crafted movie file.
Note: The vulnerabilities #1 and #5 do not affect Mac OS X versions.
Impact
- Cross-Site Scripting
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Apple QuickTime 7.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 7.7.1.
Vulnerability Identifier
- CVE-2011-3218
- CVE-2011-3219
- CVE-2011-3220
- CVE-2011-3221
- CVE-2011-3222
- CVE-2011-3223
- CVE-2011-3228
- CVE-2011-3247
- CVE-2011-3248
- CVE-2011-3249
- CVE-2011-3250
- CVE-2011-3251
Source
Related Link
Share with