Home / mailings APPLE-SA-2013-05-22-1 QuickTime 7.7.4
Posted on 22 May 2013
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
QuickTime 7.7.4 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted TeXML file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
TeXML files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1015 : Aniway.Anyway@gmail.com working with HP's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of H.263
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1016 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'dref'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1017 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of H.264
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted MP3 file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of MP3 files.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
JPEG encoded data. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1020 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted QTIF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
QTIF files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-0987 : roob working with iDefense VCP
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG
encoded data. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1021 : Mil3s beep working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'enof'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted FPX file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of FPX files.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of 'mvhd'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day
Initiative
QuickTime 7.7.4 may be obtained from the QuickTime Downloads site:
http://support.apple.com/downloads/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 50395ed3c9ac1f8104e0ad18c99a14c03755d060
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
