Skip to main content

Apple QuickTime Multiple Vulnerabilities

Last Update Date: 28 Oct 2011 15:00 Release Date: 28 Oct 2011 5740 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

  1. An integer overflow error when handling PICT files can be exploited via a specially crafted .pict file.
  2. A signedness error when handling font tables within QuickTime movie files can be exploited via a specially crafted movie file.
  3. An unspecified error when handling FLC encoded movie files can be exploited to cause a buffer overflow via a specially crafted movie file.
  4. An integer overflow error when handling JPEG2000 encoded movie files can be exploited via a specially crafted movie file.
  5. An error when handling TKHD atoms within QuickTime movie files can be exploited to cause a memory corruption via a specially crafted movie file.

Note: The vulnerabilities #1 and #5 do not affect Mac OS X versions.


Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apple QuickTime 7.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 7.7.1.

Vulnerability Identifier


Source


Related Link