September 27, 2016

Apple Releases QuickTime 7.7 to Address Multiple Vulnerabilities

(LiveHacking.Com) – Apple has released QuickTime 7.7 for Mac OS X v10.5.8, Windows 7, Vista and XP SP2 or later. QuickTime 7.7 closes several holes that could allow maliciously crafted images, audio files and movies to crash the program or execute unauthorized code.

According to a Apple’s knowledge base article the problems resolved are:

  • A buffer overflow existed in QuickTime’s handling of pict files. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • Multiple memory corruption issues existed in QuickTime’s handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • A cross-origin issue existed in QuickTime plug-in’s handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A memory corruption issue existed in QuickTime’s handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A buffer overflow existed in QuickTime’s handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in QuickTime’s handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems.
  • A stack buffer overflow existed in the QuickTime ActiveX control’s handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks