ESB-2007.0867 -- [Win][OSX] -- QuickTime 7.3 Released

Date: 06 November 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2007.0867 -- [Win][OSX]
                          QuickTime 7.3 Released
                              6 November 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              QuickTime
Publisher:            Apple
Operating System:     Windows
                      Mac OS X
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-4677 CVE-2007-4676 CVE-2007-4675
                      CVE-2007-4672 CVE-2007-3751 CVE-2007-3750
                      CVE-2007-2395

Original Bulletin:    http://docs.info.apple.com/article.html?artnum=306896

Comment: The Windows installation of iTunes bundles QuickTime, which is
         installed by default, so Windows systems that only have iTunes
         installed are also affected and need this update.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-11-05 QuickTime 7.3

QuickTime 7.3 is now available and addresses the following issues:

QuickTime
CVE-ID:  CVE-2007-2395
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickTime's
handling of image description atoms. By enticing a user to open a
maliciously crafted movie file, an attacker may cause an unexpected
application termination or arbitrary code execution. This update
addresses the issue by performing additional validation of QuickTime
image descriptions. Credit to Dylan Ashe of Adobe Systems
Incorporated for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-3750
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime Player's
handling of Sample Table Sample Descriptor (STSD) atoms. By enticing
a user to open a maliciously crafted movie file, an attacker may
cause an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing additional
validation of STSD atoms. Credit to Tobias Klein of www.trapkit.de
for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-3751
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact:  Untrusted Java applets may obtain elevated privileges
Description:  Multiple vulnerabilities exist in QuickTime for Java,
which may allow untrusted Java applets to obtain elevated privileges.
By enticing a user to visit a web page containing a maliciously
crafted Java applet, an attacker may cause the disclosure of
sensitive information and arbitrary code execution with elevated
privileges. This update addresses the issues by making QuickTime for
Java no longer accessible to untrusted Java applets. Credit to Adam
Gowdiak for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-4672
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact:  Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description:  A stack buffer overflow exists in PICT image
processing. By enticing a user to open a maliciously crafted image,
an attacker may cause an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of PICT files. Credit to Ruben
Santamarta of reversemode.com working with TippingPoint and the Zero
Day Initiative for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-4676
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact:  Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in PICT image processing.
By enticing a user to open a maliciously crafted image, an attacker
may cause an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing additional
validation of PICT files. Credit to Ruben Santamarta of
reversemode.com working with TippingPoint and the Zero Day Initiative
for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-4675
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in QuickTime's handling
of panorama sample atoms in QTVR (QuickTime Virtual Reality) movie
files. By enticing a user to view a maliciously crafted QTVR file, an
attacker may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing bounds
checking on panorama sample atoms. Credit to Mario Ballano from
48bits.com working with the VeriSign iDefense VCP for reporting this
issue.

QuickTime
CVE-ID:  CVE-2007-4677
Available for:  Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in the parsing of the
color table atom when opening a movie file. By enticing a user to
open a maliciously crafted movie file, an attacker may cause an
unexpected application termination or arbitrary code execution. This
update addresses the issue by performing additional validation of
color table atoms. Credit to Ruben Santamarta of reversemode.com and
Mario Ballano of 48bits.com working with TippingPoint and the Zero
Day Initiative for reporting this issue.
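The image description, STSD, panorama sample and color table entries above are all fixed by "additional validation" or "bounds checking" of atom contents. The following added example (not Apple's code, and not a reproduction of the specific defects fixed in QuickTime 7.3) shows what that validation looks like for a QuickTime/MOV atom tree: every atom's declared size is checked against its container before anything is read from it, and 'stsd' and 'ctab' payloads get entry-level checks. All sample atoms are constructed inline. The 'ctab' layout used (seed 4 bytes, flags 2, size 2 holding colour count minus one, then 8-byte entries) is taken from the public QuickTime File Format specification and should be checked against it.

```python
"""Bounds-check a QuickTime/MOV atom tree before trusting any declared size.
Added illustration, not Apple's code; samples below are constructed."""
import struct

CONTAINER_ATOMS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}  # subset


def iter_atoms(buf, start, end):
    """Yield (type, payload_start, payload_end) for atoms in buf[start:end].
    Raises ValueError for any header or size that does not fit the container."""
    pos = start
    while pos < end:
        if end - pos < 8:
            raise ValueError("truncated atom header at offset %d" % pos)
        size, atype = struct.unpack(">I4s", buf[pos:pos + 8])
        hdr = 8
        if size == 1:                       # 64-bit extended size follows
            if end - pos < 16:
                raise ValueError("truncated extended size at offset %d" % pos)
            size = struct.unpack(">Q", buf[pos + 8:pos + 16])[0]
            hdr = 16
        elif size == 0:                     # atom runs to end of container
            size = end - pos
        if size < hdr or pos + size > end:
            raise ValueError("atom %r at %d declares size %d beyond container end %d"
                             % (atype, pos, size, end))
        yield atype, pos + hdr, pos + size
        pos += size


def check_stsd(payload):
    """Each sample description entry must be >= 16 bytes (size, format,
    6 reserved, data-reference index) and lie wholly inside the atom."""
    if len(payload) < 8:
        raise ValueError("stsd too short for version/flags and entry count")
    count = struct.unpack(">I", payload[4:8])[0]
    pos = 8
    for i in range(count):
        if len(payload) - pos < 16:
            raise ValueError("stsd entry %d: header runs past atom end" % i)
        esize, fmt = struct.unpack(">I4s", payload[pos:pos + 8])
        if esize < 16 or pos + esize > len(payload):
            raise ValueError("stsd entry %d (%r): size %d exceeds atom" % (i, fmt, esize))
        pos += esize
    return count


def check_ctab(payload):
    """The declared colour count must fit inside the atom before any entry is copied.
    Layout (seed 4, flags 2, size 2, 8-byte entries) assumed from the QTFF spec."""
    if len(payload) < 8:
        raise ValueError("ctab too short for header")
    ncolors = struct.unpack(">H", payload[6:8])[0] + 1
    need = 8 + ncolors * 8
    if len(payload) < need:
        raise ValueError("ctab declares %d colours (%d bytes) but holds %d bytes"
                         % (ncolors, need, len(payload)))
    return ncolors


def validate_movie(buf):
    """Return a list of problems found; an empty list means the tree is consistent."""
    problems = []

    def walk(start, end):
        try:
            for atype, pstart, pend in iter_atoms(buf, start, end):
                try:
                    if atype in CONTAINER_ATOMS:
                        walk(pstart, pend)
                    elif atype == b"stsd":
                        check_stsd(buf[pstart:pend])
                    elif atype == b"ctab":
                        check_ctab(buf[pstart:pend])
                except ValueError as exc:   # bad leaf: record and keep walking
                    problems.append(str(exc))
        except ValueError as exc:           # bad atom header: stop this container
            problems.append(str(exc))

    walk(0, len(buf))
    return problems


def atom(atype, payload):
    """Wrap payload in a 32-bit-size atom header (for the constructed samples)."""
    return struct.pack(">I4s", 8 + len(payload), atype) + payload


# Constructed samples, not real QuickTime files.
GOOD_ENTRY = struct.pack(">I4s6sH", 16, b"jpeg", b"\0" * 6, 1)
GOOD_STSD = atom(b"stsd", struct.pack(">II", 0, 1) + GOOD_ENTRY)
GOOD_CTAB = atom(b"ctab", struct.pack(">IHH", 0, 0x8000, 1) + b"\0" * 16)   # 2 colours
GOOD_MOVIE = atom(b"moov", atom(b"trak", atom(b"mdia", atom(b"minf",
             atom(b"stbl", GOOD_STSD)))) + GOOD_CTAB)
BAD_ENTRY = struct.pack(">I4s6sH", 0x1000, b"jpeg", b"\0" * 6, 1)           # claims 4096 bytes
BAD_STSD = atom(b"stsd", struct.pack(">II", 0, 1) + BAD_ENTRY)
BAD_CTAB = atom(b"ctab", struct.pack(">IHH", 0, 0x8000, 255) + b"\0" * 16)  # claims 256 colours
BAD_MOVIE = atom(b"moov", atom(b"stbl", BAD_STSD) + BAD_CTAB)

if __name__ == "__main__":
    print("good:", validate_movie(GOOD_MOVIE))
    for problem in validate_movie(BAD_MOVIE):
        print("bad: ", problem)
```

The pattern is the same for the PICT and panorama atom cases even though they are not parsed here: a length field supplied by the file is never used to size a copy until it has been compared with the bytes actually present in the enclosing structure.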

QuickTime 7.3 may be obtained from the Software Update
application, or from the Apple Downloads site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5
The download file is named:  "QuickTime730_Leopard.dmg"
Its SHA-1 digest is:  581a470ce7b98b3c7e515fd8d610502a94214933

For Mac OS X v10.4.9 or later
The download file is named:  "QuickTime730_Tiger.dmg"
Its SHA-1 digest is:  191e9789a9207921424185db1dc37792c7ec78e

For Mac OS X v10.3.9
The download file is named:  "QuickTime730_Panther.dmg"
Its SHA-1 digest is:  969324ae94afe82173f155d7db31dbce8c02dd0

QuickTime 7.3 for Windows Vista, XP SP2
The download file is named:  "QuickTimeInstaller.exe"
Its SHA-1 digest is:  14788da58ad4e1cc219d4a92b833ca49b9d99e59

QuickTime 7.3 with iTunes for Windows Vista, XP SP2
The download file is named:  "iTunes75Setup.exe"
Its SHA-1 digest is:  b38005b53e608dcd2b4fe18b44cc419fefbc9411
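Checking a downloaded installer against the digests above is the one step that catches a tampered or truncated download before it is run. The following added example (not part of the Apple or AusCERT bulletin) streams a file through SHA-1 and compares it with the published table; it also flags published digest strings that are not 40 hex characters, since two of the Mac OS X entries as printed above (Tiger and Panther) are 39 characters long and cannot be verified as-is. The demonstration input is a constructed temporary file, not a real installer.

```python
"""Verify downloads against the SHA-1 digests printed in the advisory.
Added example; PUBLISHED_DIGESTS is copied from the bulletin text above."""
import hashlib
import os
import re
import tempfile

# Copied verbatim from the advisory; two entries are only 39 characters.
PUBLISHED_DIGESTS = {
    "QuickTime730_Leopard.dmg": "581a470ce7b98b3c7e515fd8d610502a94214933",
    "QuickTime730_Tiger.dmg": "191e9789a9207921424185db1dc37792c7ec78e",
    "QuickTime730_Panther.dmg": "969324ae94afe82173f155d7db31dbce8c02dd0",
    "QuickTimeInstaller.exe": "14788da58ad4e1cc219d4a92b833ca49b9d99e59",
    "iTunes75Setup.exe": "b38005b53e608dcd2b4fe18b44cc419fefbc9411",
}

SHA1_HEX = re.compile(r"^[0-9a-f]{40}$")


def malformed_digests(table):
    """Names whose published digest is not exactly 40 lowercase hex characters.
    These cannot be verified as printed and must be re-checked at the source."""
    return sorted(name for name, d in table.items() if not SHA1_HEX.match(d))


def sha1_of_file(path, chunk=1 << 20):
    """Stream the file through SHA-1 so large installers never sit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, expected):
    """Return (ok, actual_digest). A malformed expected value is never 'ok',
    even if its prefix happens to match the real digest."""
    actual = sha1_of_file(path)
    if not SHA1_HEX.match(expected):
        return False, actual
    return actual == expected, actual


def demo():
    """Constructed check: a temp file holding b'abc' has the well-known
    SHA-1 test-vector digest a9993e364706816aba3e25717850c26c9cd0d89d."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"abc")
        ok, actual = verify_download(path, "a9993e364706816aba3e25717850c26c9cd0d89d")
        bad, _ = verify_download(path, "a9993e364706816aba3e25717850c26c9cd0d89")  # 39 chars
        return ok, bad, actual
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("unverifiable as printed:", malformed_digests(PUBLISHED_DIGESTS))
    print(demo())
```

To check a real download, call verify_download on the saved file with the matching PUBLISHED_DIGESTS entry; for the two flagged entries, take the digest from Apple's current download page rather than from this copy of the bulletin.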

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBRy+AA8gAoqu4Rp5tAQiMpggAkcS1K1tPbqHw+KvdP7e3ck2jMIAUXN83
/ghr8z5yL54pONas3GE96vsp1qyYVAzKuGoG4iRpMe+7fMYk+TOfLR7TWhaC+Usw
m+NVPESANt8sKamKNdbtLyHhHEvXSi4dC8/WdIbifW115IvfAH/E/L2IDSlB6Nih
jpQ83jWDluI+T/jit04A7p0aAfry8PJEjal7sQ8ZLnBHthRsel78a729Nk036dl7
+Pfh/SZedNq0v4aLH22gDTt7rImcyJ1oY4hBOLh9KGZGe1ppmCB/UtG5woAqgbFz
G98/8MEQT0/bwBjsoTJ8G6eSUeMvmmUuBACSrW+EwxoUExres5zHGw==
=u231
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRy/A4ih9+71yA2DNAQKJZwP9FDPvvmX/SWq27Ke6c+maYiLhuwmbMOm5
6IhtynkKgwSwuSifNLh0bmHaFZJ796BjRUxnLcsddeAJ/6Rl3yCj5EZRQ3TmfxqT
wxyhr33krcZQxCClc2UNAwS2/Te8//EunSQR+erfJ0a7nF9fOS9TcqDDkocsW7fF
VxgdEB8dhS0=
=3s7h
-----END PGP SIGNATURE-----