Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1027737
SecurityTracker URL: http://securitytracker.com/id/1027737
CVE Reference: CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758
Date: Nov 8 2012
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 7.7.3

Description:
Multiple vulnerabilities were reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted PICT file can trigger a buffer overflow [CVE-2011-1374].
A specially crafted PICT file can trigger a memory corruption error [CVE-2012-3757].
A specially crafted web site can trigger a use-after-free memory error in handling of '_qtactivex_' parameters within a HTML object element [CVE-2012-3751].
A specially crafted QuickTime TeXML file can trigger a buffer overflow in the processing of the transform attribute in text3GTrack elements [CVE-2012-3758].
A specially crafted QuickTime TeXML file can trigger a buffer overflow in the processing of style elements [CVE-2012-3752].
A specially crafted web site can trigger a buffer overflow in the processing of MIME types [CVE-2012-3753].
A specially crafted web site can trigger a use-after-free memory error in the QuickTime ActiveX control's processing of the Clear() method [CVE-2012-3754].
A specially crafted Targa file can trigger a buffer overflow [CVE-2012-3755].
A specially crafted movie file can trigger a buffer overflow in the processing of 'rnet' boxes in MP4 files [CVE-2012-3756].
Mark Yason of the IBM X-Force, Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR), chkr_d591 (via iDefense VCP), Alexander Gavrun (via HP TippingPoint's Zero Day Initiative), Arezou Hosseinzad-Amirkhizi of the Vulnerability Research Team at TELUS Security Labs, Pavel Polischouk of the Vulnerability Research Team at TELUS Security Labs, Senator of Pirates, and Kevin Szkudlapski of QuarksLab reported these vulnerabilities.

Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:
The vendor has issued a fix (7.7.3).
The vendor's advisory is available at:
http://support.apple.com/kb/HT5581

Vendor URL: support.apple.com/kb/HT5581

Cause:
Access control error, Boundary error

Underlying OS:
Windows (Any)

Message History:
None.

Source Message Contents

Date: Wed, 07 Nov 2012 17:36:53 -0800
Subject: APPLE-SA-2012-11-07-1 QuickTime 7.7.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-11-07-1 QuickTime 7.7.3

QuickTime 7.7.3 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of REGION
records in PICT files. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2011-1374 : Mark Yason of the IBM X-Force

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PICT files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability
Research (MSVR)

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the QuickTime
plugin's handling of '_qtactivex_' parameters within a HTML object
element. This issue was addressed through improved memory handling.
CVE-ID
CVE-2012-3751 : chkr_d591 working with iDefense VCP

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted QuickTime TeXML file may lead
to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of the
transform attribute in text3GTrack elements. This issue was addressed
through improved bounds checking.
CVE-ID
CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero
Day Initiative

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted QuickTime TeXML file may lead
to an unexpected application termination or arbitrary code execution
Description: Multiple buffer overflows existed in the handling of
style elements in QuickTime TeXML files. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research
Team, TELUS Security Labs

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the QuickTime plugin's
handling of MIME types. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS
Security Labs

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the QuickTime ActiveX
control's handling of the Clear() method. This issue was addressed
through improved memory management.
CVE-ID
CVE-2012-3754 : CHkr_d591 working with iDefense VCP

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted Targa file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Targa
image files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3755 : Senator of Pirates

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'rnet'
boxes in MP4 files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3756 : Kevin Szkudlapski of QuarksLab

QuickTime 7.7.3 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
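
A check of a downloaded installer against the SHA-1 digest announced in the advisory above, as an added example that is not part of Apple's message or the SecurityTracker entry. The function names are illustrative, and the excerpt holds the two download lines copied from the advisory.

```python
import hashlib
import hmac
import re
import sys

# The two lines of the advisory that announce the download (copied from above).
ADVISORY_EXCERPT = '''\
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7
'''

NAME_RE = re.compile(r'download file is named:\s*"([^"]+)"')
SHA1_RE = re.compile(r'SHA-1 digest is:\s*([0-9a-fA-F]{40})\b')


def parse_download_info(advisory_text):
    """Return (file_name, sha1_hex) as announced in the advisory text."""
    name = NAME_RE.search(advisory_text)
    digest = SHA1_RE.search(advisory_text)
    if not name or not digest:
        raise ValueError("no file name and 40-hex SHA-1 digest found")
    return name.group(1), digest.group(1).lower()


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer is never held in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def installer_matches(path, advisory_text):
    """True only if the file's SHA-1 equals the digest in the advisory."""
    _, expected = parse_download_info(advisory_text)
    try:
        actual = sha1_of_file(path)
    except OSError:
        return False  # a missing or unreadable file is never a match
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__" and len(sys.argv) == 2:
    ok = installer_matches(sys.argv[1], ADVISORY_EXCERPT)
    print("digest matches advisory" if ok else "MISMATCH: do not install")
    sys.exit(0 if ok else 1)
```

A match ties the file to the advisory only as far as the advisory text itself is trusted, which is what the PGP signature on the message is for.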