copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2007.0514 -- [Win][OSX] -- QuickTime 7.2

Date: 12 July 2007

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2007.0514 -- [Win][OSX]
                               QuickTime 7.2
                               12 July 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              QuickTime prior to 7.2
Publisher:            Apple
Operating System:     Mac OS X
                      Windows
Impact:               Execute Arbitrary Code/Commands
                      Access Privileged Data
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-2402 CVE-2007-2397 CVE-2007-2396
                      CVE-2007-2394 CVE-2007-2393 CVE-2007-2392
                      CVE-2007-2296 CVE-2007-2295

Original Bulletin:    http://docs.info.apple.com/article.html?artnum=305947

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-07-11 QuickTime 7.2

QuickTime 7.2 is now available. Along with functionality improvements
(see release notes), it also provides fixes for the following
security issues:

QuickTime
CVE-ID:  CVE-2007-2295
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted H.264 movie may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of H.264 movies. By enticing a user to access a maliciously
crafted H.264 movie, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of QuickTime H.264 movies. Credit to Tom Ferris of
Security-Protocols.com, and Matt Slot of Ambrosia Software, Inc. for
reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2392
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of movie files. By enticing a user to access a maliciously
crafted movie file, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of movie files. Credit to Jonathan 'Wolf' Rentzsch of Red Shed
Software for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2296
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted .m4v file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow vulnerability exists in QuickTime's
handling of .m4v files. By enticing a user to access a maliciously
crafted .m4v file, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of .m4v files. Credit to Tom Ferris of Security-Protocols.com for
reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2394
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted SMIL file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow vulnerability exists in QuickTime's
handling of SMIL files. By enticing a user to access a maliciously
crafted SMIL file, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of SMIL files. Credit to David Vaartjes of ITsec Security Services,
working with the iDefense VCP, for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2397
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Visiting a malicious website may lead to arbitrary code
execution
Description:  A design issue exists in QuickTime for Java, which may
allow security checks to be disabled. By enticing a user to visit a
web page containing a maliciously crafted Java applet, an attacker
can trigger the issue which may lead to arbitrary code execution.
This update addresses the issue by performing a more accurate
permissions check. Credit to Adam Gowdiak for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2393
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Visiting a malicious website may lead to arbitrary code
execution
Description:  A design issue exists in QuickTime for Java. This may
allow Java applets to bypass security checks in order to read and
write process memory. By enticing a user to visit a web page
containing a maliciously crafted Java applet, an attacker can trigger
the issue which may lead to arbitrary code execution. This update
addresses the issue by performing additional validation of Java
applets. Credit to Adam Gowdiak for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2396
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Visiting a malicious website may lead to arbitrary code
execution
Description:  A design issue exists in QuickTime for Java. JDirect
exposes interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory. By enticing a user to visit a web page
containing a maliciously crafted Java applet, an attacker can trigger
the issue which may lead to arbitrary code execution. This update
addresses the issue by removing support for JDirect from QuickTime
for Java. Credit to Adam Gowdiak for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2402
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact:  Visiting a malicious website may lead to the disclosure of
sensitive information
Description:  A design issue exists in QuickTime for Java, which may
allow a malicious website to capture a client's screen content. By
enticing a user to visit a web page containing a maliciously crafted
Java applet, an attacker can trigger the issue which may lead to the
disclosure of sensitive information. This update addresses the issue
by performing a more accurate access control check.

QuickTime 7.2 may be obtained from the Software Update
application, or from the Apple Downloads site:
http://www.apple.com/support/downloads/

For Mac OS X v10.3.9 or later
The download file is named:  "QuickTime720.dmg"
Its SHA-1 digest is:  391f359c8243b673bbd32c77a23416f5b0ebfd46

QuickTime 7.2 for Windows Vista/XP/2000
The download file is named:  "QuickTimeInstaller.exe"
Its SHA-1 digest is:  bb89981f10cf21de57b9453e53cf81b9194271a9

QuickTime 7.2 with iTunes for Windows Vista/XP/2000
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  77144b39b768143cb4882b7b6f463724f87fcbd8

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRpVR18gAoqu4Rp5tAQgIlgf/Q3e6/ofKXEntL8FpwIX4xVnG5sK5yT/o
GsBItIy2Tunltag0/b/quAga96wamSNJctRuhrVL1n3GTjPVTIcNKNqqsanT1MxS
El4Bfil6sQLk8TBdwhZma56BT3w0exPDzHqG8uLyGN41uc7CVjcabYlkMB6ISOul
dZWlW0svnttP0k6v7/fpK37upYZWVb2G6BTVHgQ61jjzbRUGafbATue6rsHPvHuU
ZgCtmn/SDR+uCahxUna/SGR/8G+BF1ftvAjqv1Ty2jRcHuuKaA53eInwbctd3TF0
sqpwvl8v/U90cub1fGtrHfKO1PDAAnSl6v56fuVgnEzeszT9tXUxRA==
=WdMi
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRpWAjSh9+71yA2DNAQLehgP+LTQYJ3LBP6gpvt+QRl9cJllvmGZM2dM/
ZiOIDbL/QfaTw+StYyfshzjiBWbeTY3JnviI7Pl8CoeVA+5gMzZ4x7WAeli7wozQ
L7d1JzKe4ijQcY843Hi1zT7FYWN0NXIGe7JCVCKE4rXvSVtIJdBLnVvGUXRnM2HD
M8fzJa9nS/4=
=IEuD
-----END PGP SIGNATURE-----