February 5, 2012

You are here: Home / Archives for QuickTime

Apple Releases QuickTime 7.7.1 for Windows to Fix Vulnerabilities

October 28, 2011 By

(LiveHacking.Com) - Apple has released QuickTime 7.7.1 for Windows to fix multiple vulnerabilities that if exploited could allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

According to the security advisory, QuickTime 7.7.1 for Windows 7, Vista and XP, fixes several issues which have either been fixed in OS X (with OS X Lion v10.7.2 or with Security Update 2011-006 for
OS X v10.6 systems) or don’t affect Mac OS X systems.

The problems fixed are:

  • A buffer overflow existed in QuickTime’s handling of H.264 encoded movie files.
  • An uninitialized memory access issue existed in QuickTime’s handling of URL data handlers within movie files.
  • An implementation issue existed in QuickTime’s handling of the atom hierarchy within a movie file.
  • A cross-site scripting issue existed in QuickTime Player’s “Save for Web” export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is addressed by removing the reference to an online script.
  • A buffer overflow existed in QuickTime’s handling of FlashPix files.
  • A buffer overflow existed in QuickTime’s handling of FLIC files.
  • Multiple memory corruption issues existed in QuickTime’s handling of movie files.
  • An integer overflow issue existed in the handling of PICT files.
  • A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
  • A buffer overflow issue existed in the handling of FLC encoded movie files.
  • An integer overflow issue existed in the handling of JPEG2000 encoded movie files.
  • A memory corruption issue existed in the handling of TKHD atoms in QuickTime movie files.
To exploit most of the these vulnerabilities an attacker would need to create a special crafted movie file and get the victim to watch it on their PC.
Filed Under: Apple, Apple, Vulnerability, Windows Tagged With: , ,

Apple Releases QuickTime 7.7 to Address Multiple Vulnerabilities

August 4, 2011 By

(LiveHacking.Com) – Apple has released QuickTime 7.7 for Mac OS X v10.5.8, Windows 7, Vista and XP SP2 or later. QuickTime 7.7 closes several holes that could allow maliciously crafted images, audio files and movies to crash the program or execute unauthorized code.

According to a Apple’s knowledge base article the problems resolved are:

  • A buffer overflow existed in QuickTime’s handling of pict files. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • Multiple memory corruption issues existed in QuickTime’s handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • A cross-origin issue existed in QuickTime plug-in’s handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A memory corruption issue existed in QuickTime’s handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A buffer overflow existed in QuickTime’s handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in QuickTime’s handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems.
  • A stack buffer overflow existed in the QuickTime ActiveX control’s handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
Filed Under: Apple, Apple, Vulnerability Tagged With: ,

Apple QuickTime backdoor creates code-execution peril

August 31, 2010 By

A security researcher has unearthed a “bizarre” flaw in Apple’s QuickTime Player that can be exploited to remotely execute malicious code on Windows-based PCs, even those running the most recent versions of operating system.

Read the full article here.

Source:[TheRegister]

Filed Under: Apple, Vulnerability Tagged With: , ,