SecurityTracker.com
Category:   Application (Multimedia)  >   QuickTime
Vendor:   Apple Computer
QuickTime for Java Lets Remote Users Obtain Information and Execute Arbitrary Code
SecurityTracker Alert ID:  1018136
SecurityTracker URL:  http://securitytracker.com/id/1018136
CVE Reference:   CVE-2007-2388, CVE-2007-2389
Date:  May 29 2007
Impact:   Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.1.6 and prior versions
Description:   Two vulnerabilities were reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information.

A remote user can create a specially crafted Java applet that, when loaded by the target user, will trigger a memory error and execute arbitrary code on the target system [CVE-2007-2388]. The code will run with the privileges of the target user.

Apple credits John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research with reporting this vulnerability.

A remote user can create a specially crafted Java applet that, when loaded by the target user, will access web browser memory on the target system [CVE-2007-2389].

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix as part of Security Update (QuickTime 7.1.6), available from the Software Update application, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For QuickTime 7.1.6 on Mac OS X
The download file is named: "SecUpdQuickTime716.dmg"
Its SHA-1 digest is: 960b3d043366f214c62e94fc176e5e367eb75992

For QuickTime 7.1.6 on Windows
The download file is named: "SecUpdQuickTime716.msi"
Its SHA-1 digest is: 1ab14df3c1ef6f15d082cb5c13e9898097816ea9

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=305531
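
Checking a downloaded package against the digests listed above is the one part of applying this fix that an administrator can script. The following is an added example written for this page, not code from SecurityTracker or Apple: the two file names and SHA-1 digests are copied from the advisory, while the function names (`sha1_of_file`, `verify_update`, `demo`) and the small constructed sample files it verifies are this example's own.

```python
"""Verify a downloaded Security Update (QuickTime 7.1.6) package against the
SHA-1 digests published in the advisory.

Added example for this page; not SecurityTracker's or Apple's own tooling.
File names and digests are from APPLE-SA-2007-05-29; helper names and the
sample files written by demo() are constructed for illustration.
"""
import hashlib
import hmac
import os
import tempfile

# File name -> SHA-1 digest exactly as published in the advisory.
EXPECTED_DIGESTS = {
    "SecUpdQuickTime716.dmg": "960b3d043366f214c62e94fc176e5e367eb75992",
    "SecUpdQuickTime716.msi": "1ab14df3c1ef6f15d082cb5c13e9898097816ea9",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so a large installer need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_update(path, expected_digests=EXPECTED_DIGESTS):
    """Return (ok, actual_digest).

    ok is False when the base name is not one the advisory lists (so an
    unexpected file is never silently accepted) or when the digest differs.
    """
    expected = expected_digests.get(os.path.basename(path))
    actual = sha1_of_file(path)
    if expected is None:
        return False, actual
    # compare_digest does not short-circuit on the first differing character;
    # it costs nothing here and is the right habit for any digest comparison.
    return hmac.compare_digest(actual.lower(), expected.lower()), actual


def demo():
    """Exercise the three outcomes on constructed files in a temp directory.

    Returns (matching_ok, tampered_ok, unlisted_ok):
      - matching: a file whose contents are b"abc", checked against the known
        SHA-1 of b"abc", must verify;
      - tampered: a file carrying the Windows package name but dummy contents,
        checked against the real published digests, must fail;
      - unlisted: a file name the advisory does not mention must fail.
    """
    with tempfile.TemporaryDirectory() as d:
        # Constructed positive case: SHA-1("abc") is a standard test vector.
        good = os.path.join(d, "SecUpdQuickTime716.dmg")
        with open(good, "wb") as f:
            f.write(b"abc")
        matching_ok, _ = verify_update(
            good, {"SecUpdQuickTime716.dmg": "a9993e364706816aba3e25717850c26c9cd0d89d"}
        )

        # Constructed negative case: right name, wrong contents.
        bad = os.path.join(d, "SecUpdQuickTime716.msi")
        with open(bad, "wb") as f:
            f.write(b"not the real installer\n")
        tampered_ok, _ = verify_update(bad)

        # Constructed negative case: a file the advisory does not list at all.
        other = os.path.join(d, "SomeOtherPackage.msi")
        with open(other, "wb") as f:
            f.write(b"abc")
        unlisted_ok, _ = verify_update(other)

    return matching_ok, tampered_ok, unlisted_ok


if __name__ == "__main__":
    print("matching, tampered, unlisted ->", demo())
```

To check a real download, call `verify_update("/path/to/SecUpdQuickTime716.dmg")` and refuse to install when it returns False. SHA-1 is the digest the advisory publishes; it is no longer considered collision-resistant, so a match confirms that the file is the one Apple described, and the PGP signature on the announcement itself (see the source message below) remains the check that the digests were published by Apple.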

Vendor URL:  http://docs.info.apple.com/article.html?artnum=305531
Cause:   Access control error
Underlying OS:   UNIX (OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 29 May 2007 13:04:02 -0700
Subject:  APPLE-SA-2007-05-29 Security Update (QuickTime 7.1.6)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-05-29 Security Update (QuickTime 7.1.6)

Security Update (QuickTime 7.1.6) is now available and provides
the following security enhancements:

QuickTime
CVE-ID:  CVE-2007-2388
Available for:  QuickTime 7.1.6 on Mac OS X and Windows
Impact:  Visiting a malicious website may lead to arbitrary code
execution
Description:  An implementation issue exists in QuickTime for Java,
which may allow instantiation or manipulation of objects outside the
bounds of the allocated heap. By enticing a user to visit a web page
containing a maliciously crafted Java applet, an attacker can trigger
the issue which may lead to arbitrary code execution. This update
addresses the issue by performing additional validation of Java
applets. Credit to John McDonald, Paul Griswold, and Tom Cross of IBM
Internet Security Systems X-Force, and Dyon Balding of Secunia
Research for reporting this issue.

QuickTime
CVE-ID:  CVE-2007-2389
Available for:  QuickTime 7.1.6 on Mac OS X and Windows
Impact:  Visiting a malicious website may lead to the disclosure of
sensitive information
Description:  A design issue exists in QuickTime for Java, which may
allow a web browser's memory to be read by a Java applet. By enticing
a user to visit a web page containing a maliciously crafted Java
applet, an attacker can trigger the issue which may lead to the
disclosure of sensitive information. This update addresses the issue
by clearing memory before allowing it to be used by untrusted Java
applets.

Security Update (QuickTime 7.1.6) may be obtained from the Software
Update application, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For QuickTime 7.1.6 on Mac OS X
The download file is named:  "SecUpdQuickTime716.dmg"
Its SHA-1 digest is:  960b3d043366f214c62e94fc176e5e367eb75992

For QuickTime 7.1.6 on Windows
The download file is named:  "SecUpdQuickTime716.msi"
Its SHA-1 digest is:  1ab14df3c1ef6f15d082cb5c13e9898097816ea9

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRlyGJ8gAoqu4Rp5tAQj2kQf/Tpr4eaxB4begtn5Abd1LhpcdfR997AVQ
gPF4r7m7dqElMA0st1Dg5hCOE5qH/nDA+3f9UitutPKayOFP2lM0xRIPkLyKP08x
MFZO9A8wKV4XRy0S0SVUx6oRWJDvotZ9k/Eino0ci6OFnjnCPbVhoc19mIjl/P0c
MTi/pWtYPe9lypbroTTMj+Iu7kco2Q8D2p3mCdzirzXFcgYpqUOoKdjInisQyTOH
wEzo5G+hS14AOpN5+T4+yrlx27BPYeJ9YSNk1Fh5F4JA7pbUUGWWcl5DlnAOpOZ9
lLnjZRoC6R9Jphy+Zn3DYcxNu5xU/vYWeF6kkOyLXBKr2AXUuSYsqg==
=ycXf
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
Copyright 2014, SecurityGlobal.net LLC