Australia's Leading Computer Emergency Response Team

ESB-2011.1085 - [Win] QuickTime: Multiple vulnerabilities
Date: 28 October 2011
Original URL: http://www.auscert.org.au/render.html?cid=1980&it=15024
References: ESB-2011.1034  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.1085
                              QuickTime 7.7.1
                              28 October 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           QuickTime
Publisher:         Apple
Operating System:  Windows XP
                   Windows Vista
                   Windows 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Cross-site Scripting            -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-3251 CVE-2011-3250 CVE-2011-3249
                   CVE-2011-3248 CVE-2011-3247 CVE-2011-3228
                   CVE-2011-3223 CVE-2011-3222 CVE-2011-3221
                   CVE-2011-3220 CVE-2011-3219 CVE-2011-3218

Reference:         ESB-2011.1034

Original Bulletin: 
   http://support.apple.com/kb/HT5016

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-10-26-1 QuickTime 7.7.1

QuickTime 7.7.1 is now available and addresses the following:

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime's handling of
H.264 encoded movie files. For OS X Lion systems, this issue is
addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this
issue is addressed in Security Update 2011-006.
CVE-ID
CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to the
disclosure of memory contents
Description:  An uninitialized memory access issue existed in
QuickTime's handling of URL data handlers within movie files. For OS
X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac
OS X v10.6 systems, this issue is addressed in Security Update
2011-006.
CVE-ID
CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An implementation issue existed in QuickTime's handling
of the atom hierarchy within a movie file. For OS X Lion systems,
this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6
systems, this issue is addressed in Security Update 2011-006.
CVE-ID
CVE-2011-3221 : an anonymous researcher working with TippingPoint's
Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  An attacker in a privileged network position may inject
script in the local domain when viewing template HTML
Description:  A cross-site scripting issue existed in QuickTime
Player's "Save for Web" export. The template HTML files generated by
this feature referenced a script file from a non-encrypted origin. An
attacker in a privileged network position may be able to inject
malicious scripts in the local domain if the user views a template
file locally. This issue is addressed by removing the reference to an
online script. This issue does not affect OS X Lion systems. For Mac
OS X v10.6 systems, this issue is addressed in Security Update
2011-006.
CVE-ID
CVE-2011-3218 : Aaron Sigel of vtty.com

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted FlashPix file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime's handling of
FlashPix files. For OS X Lion systems, this issue is addressed in OS
X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed
in Security Update 2011-006.
CVE-ID
CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime's handling of
FLIC files. For OS X Lion systems, this issue is addressed in OS X
Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in
Security Update 2011-006.
CVE-ID
CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in
QuickTime's handling of movie files. For OS X Lion systems, these
issues are addressed in OS X Lion v10.7.2. For Mac OS X v10.6
systems, these issues are addressed in Security Update 2011-006.
CVE-ID
CVE-2011-3228 : Apple

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow issue existed in the handling of
PICT files. This issue does not affect Mac OS X systems.
CVE-ID
CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A signedness issue existed in the handling of font
tables embedded in QuickTime movie files.
CVE-ID
CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow issue existed in the handling of FLC
encoded movie files.
CVE-ID
CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow issue existed in the handling of
JPEG2000 encoded movie files.
CVE-ID
CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
TKHD atoms in QuickTime movie files. This issue does not affect Mac
OS X systems.
CVE-ID
CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day
Initiative


QuickTime 7.7.1 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 9bf0e5da752663d1b8d8a415f938dc2d3b04eee5

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----