copyright | disclaimer | privacy | contact  
Australia's National Computer Emergency Response Team
 
Search this site

 

On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > Report Incident
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > Certifications
 > News & Media
 > Services
 > National Home
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » Windows (all) » AL-2007.0031 -- [Win][OSX] -- Apple QuickTime and iT...
 

AL-2007.0031 -- [Win][OSX] -- Apple QuickTime and iTunes multiple buffer overflow vulnerabilities
Date: 06 March 2007
AusCERT Reference #: AL-2007.0031

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2007.0031 -- AUSCERT ALERT
                                [Win][OSX]
    Apple QuickTime and iTunes multiple buffer overflow vulnerabilities
                               6 March 2007

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:              Quicktime 7.1.4 and prior
                      iTunes 7 and prior
Publisher:            Apple
Operating System:     Windows
                      Mac OS X
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-0718 CVE-2007-0717 CVE-2007-0716
                      CVE-2007-0715 CVE-2007-0714 CVE-2007-0713
                      CVE-2007-0712 CVE-2007-0711

Comment: 
  QuickTime 7.1.4 and prior contain vulnerabilities in the handling of
  five different media formats, potentially allowing a remote attacker
  to compromise the computer when the user visits a malicious web page
  or opens malicious files.
         
  Since QuickTime is supplied as a component of Apple iTunes,
  iTunes installations are also affected by these vulnerabilities.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-03-05 QuickTime 7.1.5

QuickTime 7.1.5 is now available. Along with functionality
improvements (see release notes), it also provides fixes for the
following security issues:

QuickTime
CVE-ID:  CVE-2007-0711
Available for:  Windows Vista/XP/2000
Impact:  Viewing a maliciously-crafted 3GP file may lead to an
application crash or arbitrary code execution
Description:  An integer overflow exists in QuickTime's handling
of 3GP video files. By enticing a user to open a malicious
movie, an attacker can trigger the overflow, which may lead
to an application crash or arbitrary code execution. This update
addresses the issue by performing additional validation of 3GP
video files. This issue does not affect Mac OS X. Credit to JJ
Reyes for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-0712
Available for:  Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact:  Viewing a maliciously-crafted MIDI file may lead to an
application crash or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's
handling of MIDI files. By enticing a user to open a malicious
MIDI file, an attacker can trigger the overflow, which may lead
to an application crash or arbitrary code execution. This update
addresses the issue by performing additional validation of MIDI
files. Credit to Mike Price of McAfee AVERT Labs for reporting
this issue.

QuickTime
CVE-ID:  CVE-2007-0713
Available for:  Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact:  Viewing a maliciously-crafted Quicktime movie file may
lead to an application crash or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's
handling of QuickTime movie files. By enticing a user to access
a maliciously-crafted movie, an attacker can trigger the
overflow, which may lead to an application crash or arbitrary
code execution. This update addresses the issue by performing
additional validation of QuickTime movies. Credit to Mike Price
of McAfee AVERT Labs, Piotr Bania, and Artur Ogloza (Czestochowa,
Poland) for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-0714
Available for:  Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact:  Viewing a maliciously-crafted Quicktime movie file may
lead to an application crash or arbitrary code execution
Description:  An integer overflow exists in QuickTime's handling
of UDTA atoms in movie files. By enticing a user to access a
maliciously-crafted movie, an attacker can trigger the overflow,
which may lead to an application crash or arbitrary code
execution. This update addresses the issue by performing
additional validation of QuickTime movies. Credit to Sowhat of
Nevis Labs, and an anonymous researcher working with TippingPoint
and the Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-0715
Available for:  Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact:  Viewing a maliciously-crafted PICT file may lead to an
application crash or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's
handling of PICT files. By enticing a user to open a malicious
PICT image file an attacker can trigger the overflow, which may
lead to arbitrary code execution. This update addresses the
issue by performing additional validation of PICT files. Credit
to Mike Price of McAfee AVERT Labs for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-0716
Available for:  Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact:  Opening a maliciously-crafted QTIF file may lead to an
application crash or arbitrary code execution
Description:  A stack buffer overflow exists in QuickTime's
handling of QTIF files. By enticing a user to access a
maliciously-crafted QTIF file, an attacker can trigger the
overflow, which may lead to an application crash or arbitrary
code execution. This update addresses the issue by performing
additional validation of QTIF files. Credit to Mike Price of
McAfee AVERT Labs for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-0717
Available for:  Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact:  Opening a maliciously-crafted QTIF file may lead to an
application crash or arbitrary code execution
Description:  An integer overflow exists in QuickTime's handling
of QTIF files. By enticing a user to access a maliciously-crafted
QTIF file, an attacker can trigger the overflow, which may lead to
an application crash or arbitrary code execution. This update
addresses the issue by performing additional validation of QTIF
files. Credit to Mike Price of McAfee AVERT Labs for reporting
this issue.

QuickTime
CVE-ID:  CVE-2007-0718
Available for:  Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact:  Opening a maliciously-crafted QTIF file may lead to an
application crash or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's
handling of QTIF files. By enticing a user to access a
maliciously-crafted QTIF file, an attacker can trigger the
overflow, which may lead to an application crash or arbitrary
code execution. This update addresses the issue by performing
additional validation of QTIF files. Credit to Ruben Santamarta
working with the iDefense Vulnerability Contributor Program, and
JJ Reyes for reporting this issue.

QuickTime 7.1.5 may be obtained from the Software Update
application, or from the Download area in the QuickTime site
http://www.apple.com/quicktime/download/

For Mac OS X v10.3.9 or later
The download file is named:  "QuickTime715.dmg"
Its SHA-1 digest is:  68e621a81560610a37bbf8be5695c751c006627d

QuickTime 7.1.5 for Windows Vista/XP/2000
The download file is named:  "QuickTimeInstaller.exe"
Its SHA-1 digest is:  138d028e7b7c77b8938ae65a14369587a7752a85

QuickTime 7.1.5 with iTunes for Windows Vista/XP/2000
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  0a32a8c929cd8f893793a5c260d437726728fe0d

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRexyRImzP5/bU5rtAQi+vAgAkStJiumk4+tJaygYj6cwzTPlZiPzTfqi
0n8/mUw8XXXHhMYGcnpBnPW1yRlQeZtTpcK7qtb0pQs2Qhc/Uok/SgbUF/ELcgVw
GMh3oqRx8kWqXClT+IEgH+H+wZb2+8UEUgztcbaXCwuCevHSv5oVJ1cx4iphbObk
aKYDBx9DIj18pdcQsbazQmsIrH5Hgt6hpxR/5RTHqORrA2A4EPpXXdCtr4087u+u
IhrpUR9h6noToOXSpCAIS5L4t7B2wJRydsbqEk+VCvP8qqMGxrvoVcKQ2ic+DTBm
IhRUYUP9Z3D3WUsEQ2QCMXMdwIKbA5ypHxuWXp5viPLUUQESXqRTSA==
=BkfW
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBReyuPyh9+71yA2DNAQLifQP9FE9Un6txO3/jiaR0oE+O8Za6LAfgyz5A
K/DrfaJBqwbVretW9PP/06I1WYsnH6HH7rFhNj0zKet9YmGYdUUpHKrkqQ0CEFdp
E764fIobdi10a3pY4hYeirHahU6quuplIVMUOufCZWURXfZYY+n+Jne4x+FrSeS8
OdL/YWPKkd0=
=SmPc
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/7356