Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
QuickTime Buffer Overflows and Memory Corruption Errors in Playing Movie Files Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1023761 |
|
SecurityTracker URL: http://securitytracker.com/id/1023761
|
|
CVE Reference:
CVE-2010-0062, CVE-2010-0514, CVE-2010-0515, CVE-2010-0516, CVE-2010-0517, CVE-2010-0518, CVE-2010-0519, CVE-2010-0520, CVE-2010-0526
(Links to External Site)
|
Date: Mar 29 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger an integer overflow, heap overflow, or memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted H.263-encoded movie file can trigger code execution [CVE-2010-0062]. Damian Put reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted H.261-encoded movie file can trigger code execution [CVE-2010-0514]. Will Dormann of the CERT/CC reported this vulnerability.
A specially crafted H.264-encoded movie file can trigger code execution [CVE-2010-0515].
A specially crafted RLE-encoded movie file can trigger code execution [CVE-2010-0516]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted M-JPEG-encoded movie file can trigger code execution [CVE-2010-0517]. Damian Put reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted Sorenson-encoded movie file can trigger code execution [CVE-2010-0518]. Will Dormann of the CERT/CC reported this vulnerability.
A specially crafted FlashPix-encoded movie file can trigger code execution [CVE-2010-0519]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
A specially crafted FLC-encoded movie file can trigger code execution [CVE-2010-0520]. Moritz Jodeit of n.runs AG reported this vulnerability via TippingPoint's Zero Day Initiative and Nicols Joly of VUPEN Security separately reported this vulnerability.
A specially crafted MPEG file can trigger code execution [CVE-2010-0526]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued a fix as part of Security Update 2010-002 / Mac OS X v10.6.3, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2010-002 or Mac OS X v10.6.3.
For Mac OS X v10.6.2
The download file is named: MacOSXUpd10.6.3.dmg
Its SHA-1 digest is: d3a310c02fcd8199fe55b11c801659974b3d3ab3
For Mac OS X v10.6 and v10.6.1
The download file is named: MacOSXUpdCombo10.6.3.dmg
Its SHA-1 digest is: 72c12635cf83ab6fe028ddf81b0af7357853f736
For Mac OS X Server v10.6.2
The download file is named: MacOSXServerUpd10.6.3.dmg
Its SHA-1 digest is: 7375540ba74774a93551c0a2281b3f661bb57608
For Mac OS X Server v10.6 and v10.6.1
The download file is named: MacOSXServerUpdCombo10.6.3.dmg
Its SHA-1 digest is: 1c844309397f6cf54dc928a2fc57835865c0a768
For Mac OS X v10.5.8
The download file is named: SecUpd2010-002Leo.dmg
Its SHA-1 digest is: 4f5f212c09f8275a0593b826c226875d2a48e0a6
For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2010-002Leo.dmg
Its SHA-1 digest is: 7a5f9d9580c98dcaf2a21bad4877bb16acf500b0
The vendor's advisory is available at:
http://support.apple.com/kb/HT4077
|
Vendor URL: support.apple.com/kb/HT4077 (Links to External Site)
|
Cause:
Access control error, Boundary error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 29 Mar 2010 19:43:06 +0000
Subject: Apple Quicktime
|
APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
QuickTime
CVE-ID: CVE-2010-0062
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of H.263 encoded movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed by performing additional
validation of H.263 encoded movie files. Credit to Damian Put working
with TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0514
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of H.261
encoded movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed by performing additional
validation of H.261 encoded movie files. Credit to Will Dormann of
the CERT/CC for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0515
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption in the handling of H.264 encoded
movie files. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed by performing additional validation of H.264
encoded movie files.
QuickTime
CVE-ID: CVE-2010-0516
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow in the handling of RLE encoded
movie files. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed by performing additional validation of RLE encoded
movie files. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0517
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow in the handling of M-JPEG
encoded movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed by performing additional
validation of M-JPEG encoded movie files. Credit to Damian Put
working with TippingPoint's Zero Day Initiative for reporting this
issue.
QuickTime
CVE-ID: CVE-2010-0518
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of
Sorenson encoded movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed by performing additional
validation of Sorenson encoded movie files. Credit to Will Dormann of
the CERT/CC for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0519
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in the handling of FlashPix
encoded movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
Credit to an anonymous researcher working with TippingPoint's Zero
Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0520
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of FLC
encoded movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed by performing additional
validation of FLC encoded movie files. Credit to Moritz Jodeit of
n.runs AG, working with TippingPoint's Zero Day Initiative, and
Nicols Joly of VUPEN Security for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0526
Available for: Mac OS X v10.6 through v10.6.2,
Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of MPEG
encoded movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed by performing additional
validation of MPEG encoded movie files. Credit to an anonymous
researcher working with TippingPoint's Zero Day Initiative for
reporting this issue.
|
|
Go to the Top of This SecurityTracker Archive Page
|
