ESB-2010.1107 - [Win][OSX] QuickTime prior to 7.6.9: Multiple vulnerabilities

Date: 08 December 2010
References: ESB-2010.1039.2  ESB-2011.0314  ESB-2011.0667  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2010.1107
                   APPLE-SA-2010-12-07-1 QuickTime 7.6.9
                              8 December 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           QuickTime prior to 7.6.9
Publisher:         Apple
Operating System:  Windows
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-4009 CVE-2010-3802 CVE-2010-3801
                   CVE-2010-3800 CVE-2010-3795 CVE-2010-3794
                   CVE-2010-3793 CVE-2010-3792 CVE-2010-3791
                   CVE-2010-3790 CVE-2010-3789 CVE-2010-3788
                   CVE-2010-3787 CVE-2010-1508 CVE-2010-0530

Reference:         ESB-2010.1039.2

Original Bulletin: 
   http://support.apple.com/kb/HT4447

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-12-07-1 QuickTime 7.6.9

QuickTime 7.6.9 is now available and addresses the following:

QuickTime
CVE-ID:  CVE-2010-3787
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's handling
of JP2 images. Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to
Nils of MWR InfoSecurity for reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3788
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description:  An uninitialized memory access issue exists in
QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved validation
of JP2 images. For Mac OS X v10.6 systems, this issue is addressed in
Mac OS X v10.6.5. Credit to Damian Put and Procyun, working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3789
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's handling of
avi files. Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of avi files. For Mac OS
X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit
to Damian Put working with TippingPoint's Zero Day Initiative for
reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3790
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of movie
files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS
X v10.6.5. Credit to Honggang Ren of Fortinet's FortiGuard Labs for
reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3791
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
For Mac OS X v10.6 systems, this issue is addressed in Mac OS X
v10.6.5. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3792
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A signedness issue exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of MPEG
encoded movie files. For Mac OS X v10.6 systems, this issue is
addressed in Mac OS X v10.6.5. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative for reporting this
issue.

QuickTime
CVE-ID:  CVE-2010-3793
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of Sorenson encoded movie files. Viewing a maliciously
crafted movie file may lead to an unexpected application termination
or arbitrary code execution. This issue is addressed through improved
validation of Sorenson encoded movie files. For Mac OS X v10.6
systems, this issue is addressed in Mac OS X v10.6.5. Credit to an
anonymous researcher working with TippingPoint's Zero Day Initiative,
and Carsten Eiram of Secunia Research for reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3794
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted FlashPix image may lead to an
unexpected application termination or arbitrary code execution
Description:  An uninitialized memory access issue exists in
QuickTime's handling of FlashPix images. Viewing a maliciously
crafted FlashPix image may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory management. For Mac OS X v10.6 systems, this
issue is addressed in Mac OS X v10.6.5. Credit to an anonymous
researcher working with TippingPoint's Zero Day Initiative for
reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3795
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution
Description:  An uninitialized memory access issue exists in
QuickTime's handling of GIF images. Viewing a maliciously crafted GIF
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved memory
management. For Mac OS X v10.6 systems, this issue is addressed in
Mac OS X v10.6.5. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3800
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of PICT files. Viewing a maliciously crafted PICT file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved validation of
PICT files. Credit to Moritz Jodeit of n.runs AG and Damian Put,
working with TippingPoint's Zero Day Initiative, and Hossein Lotfi
(s0lute), working with VeriSign iDefense Labs for reporting this
issue.

QuickTime
CVE-ID:  CVE-2010-3801
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted FlashPix image may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of FlashPix images. Viewing a maliciously crafted FlashPix
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved memory
management. Credit to Damian Put working with TippingPoint's Zero Day
Initiative, and Rodrigo Rubira Branco from the Check Point
Vulnerability Discovery Team for reporting this issue.

QuickTime
CVE-ID:  CVE-2010-3802
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie
files. Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of QTVR movie files.
Credit to an anonymous researcher working with TippingPoint's Zero
Day Initiative for reporting this issue.

QuickTime
CVE-ID:  CVE-2010-1508
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's handling
of Track Header (tkhd) atoms. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved bounds
checking. This issue does not affect Mac OS X systems. Credit to
Moritz Jodeit of n.runs AG, working with TippingPoint's Zero Day
Initiative, and Carsten Eiram of Secunia Research for reporting this
issue.

QuickTime
CVE-ID:  CVE-2010-0530
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  A local user may have access to sensitive information
Description:  A filesystem permission issue exists in QuickTime. This
may allow a local user to access the contents of the "Apple Computer"
directory in the user's profile, which may lead to the disclosure of
sensitive information. This issue is addressed through improved
filesystem permissions. This issue does not affect Mac OS X systems.
Credit to Geoff Strickler of On-Line Transaction Consultants for
reporting this issue.

QuickTime
CVE-ID:  CVE-2010-4009
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow exists in QuickTime's handling of
movie files. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to
Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.


QuickTime 7.6.9 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

For Mac OS X v10.5.8
The download file is named: "QuickTime769Leopard.dmg"
Its SHA-1 digest is: b580bfb4a66484f3ca12bcaf6e4adfde57574e20

For Windows 7 / Vista / XP SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 1eec8904f041d9e0ad3459788bdb690e45dbc38e

QuickTime is incorporated into Mac OS X v10.6 and later.
QuickTime 7.6.9 is not presented to systems running
Mac OS X v10.6 or later.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFM/woL/iFOrG6YcBERAu6RAJ0QgC0x3XaYb4PmctVy+yIBg2cg9gCgmfT2
lA0Kva1iPUQqCKnQOMCwcwc=
=omC8
-----END PGP SIGNATURE-----