
Apple QuickTime Multiple Highly Critical Vulnerabilities

Secunia Advisory: SA17428

Piotr Bania has reported some vulnerabilities in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user’s system.

  1. An integer overflow error exists in the handling of a “Pascal” style string when loading a “.mov” video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.

  2. An integer overflow error exists in the handling of certain movie attributes when loading a “.mov” video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.
  3. A NULL pointer dereferencing error exists when handling certain missing movie attributes from a video file. This may be exploited to crash an application that uses QuickTime when a specially crafted video file is loaded.
  4. A boundary error exists in the QuickTime PictureViewer when decompressing PICT data. This may be exploited to cause a memory overwrite, potentially allowing arbitrary code execution via a specially crafted PICT picture file.
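
As an added illustration of the bug class in item 1 (not QuickTime's code, and not part of the advisory): the advisory does not give the faulty arithmetic, so this sketch assumes one common way a Pascal-string length byte becomes a huge copy size, sign extension, and shows it next to a bounds-checked copy. The names `naive_copy_size`, `pstr_copy` and `demo_copy` and the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: a length byte followed by the string bytes. */
static const uint8_t SAMPLE_OK[]  = {5, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t SAMPLE_BAD[] = {0xFF, 'A', 'B'};   /* claims 255, holds 2 */

/* Flawed pattern (assumed for illustration): the length byte is read as a
   signed char, so 0x80..0xFF sign-extend into an enormous size_t.
   Only the size is computed here; no copy is performed. */
size_t naive_copy_size(const uint8_t *src) {
    signed char len = (signed char)src[0];
    return (size_t)len;
}

/* Checked copy: returns the string length, or -1 if the input is malformed
   or does not fit. dst receives a NUL-terminated C string. */
int pstr_copy(char *dst, size_t dst_cap, const uint8_t *src, size_t src_len) {
    if (!dst || !src || dst_cap == 0 || src_len == 0) return -1;
    size_t n = src[0];                 /* unsigned read: always 0..255 */
    if (n > src_len - 1) return -1;    /* length byte exceeds bytes present */
    if (n >= dst_cap) return -1;       /* need n bytes plus the terminator */
    memcpy(dst, src + 1, n);
    dst[n] = '\0';
    return (int)n;
}

/* Runs pstr_copy into a 16-byte buffer and returns its result. */
int demo_copy(const uint8_t *src, size_t src_len) {
    char out[16];
    return pstr_copy(out, sizeof out, src, src_len);
}

int main(void) {
    printf("naive size for 0xFF: %zu\n", naive_copy_size(SAMPLE_BAD));
    printf("checked ok:  %d\n", demo_copy(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("checked bad: %d\n", demo_copy(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

The checked version validates the length byte against both the bytes actually present in the file and the destination capacity before any copy takes place.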


The vulnerabilities have been reported in the following versions:

  • QuickTime versions 6.5.2 and 7.0.1 for Mac OS X.

  • QuickTime versions 7.x prior to 7.0.3 for Windows.

Prior versions may also be affected.

Solution: Update to version 7.0.3.

[Continue reading Secunia Advisory SA17428]
