Home / mailingsPDF  

APPLE-SA-2007-11-05 QuickTime 7.3

Posted on 05 November 2007
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-11-05 QuickTime 7.3

QuickTime 7.3 is now available and addresses the following issues:

QuickTime
CVE-ID: CVE-2007-2395
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of image description atoms. By enticing a user to open a
maliciously crafted movie file, an attacker may cause an unexpected
application termination or arbitrary code execution. This update
addresses the issue by performing additional validation of QuickTime
image descriptions. Credit to Dylan Ashe of Adobe Systems
Incorporated for reporting this issue.

QuickTime
CVE-ID: CVE-2007-3750
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime Player's
handling of Sample Table Sample Descriptor (STSD) atoms. By enticing
a user to open a maliciously crafted movie file, an attacker may
cause an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing additional
validation of STSD atoms. Credit to Tobias Klein of www.trapkit.de
for reporting this issue.

QuickTime
CVE-ID: CVE-2007-3751
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact: Untrusted Java applets may obtain elevated privileges
Description: Multiple vulnerabilities exist in QuickTime for Java,
which may allow untrusted Java applets to obtain elevated privileges.
By enticing a user to visit a web page containing a maliciously
crafted Java applet, an attacker may cause the disclosure of
sensitive information and arbitrary code execution with elevated
privileges. This update addresses the issues by making QuickTime for
Java no longer accessible to untrusted Java applets. Credit to Adam
Gowdiak for reporting this issue.

QuickTime
CVE-ID: CVE-2007-4672
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in PICT image
processing. By enticing a user to open a maliciously crafted image,
an attacker may cause an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of PICT files. Credit to Ruben
Santamarta of reversemode.com working with TippingPoint and the Zero
Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2007-4676
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in PICT image processing.
By enticing a user to open a maliciously crafted image, an attacker
may cause an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing additional
validation of PICT files. Credit to Ruben Santamarta of
reversemode.com working with TippingPoint and the Zero Day Initiative
for reporting this issue.

QuickTime
CVE-ID: CVE-2007-4675
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of panorama sample atoms in QTVR (QuickTime Virtual Reality) movie
files. By enticing a user to view a maliciously crafted QTVR file, an
attacker may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing bounds
checking on panorama sample atoms. Credit to Mario Ballano from
48bits.com working with the VeriSign iDefense VCP for reporting this
issue.

QuickTime
CVE-ID: CVE-2007-4677
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Mac OS X v10.5, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the parsing of the
color table atom when opening a movie file. By enticing a user to
open a maliciously crafted movie file, an attacker may cause an
unexpected application termination or arbitrary code execution. This
update addresses the issue by performing additional validation of
color table atoms. Credit to Ruben Santamarta of reversemode.com and
Mario Ballano of 48bits.com working with TippingPoint and the Zero
Day Initiative for reporting this issue.

QuickTime 7.3 may be obtained from the Software Update
application, or from the Apple Downloads site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5
The download file is named: "QuickTime730_Leopard.dmg"
Its SHA-1 digest is: 581a470ce7b98b3c7e515fd8d610502a94214933

For Mac OS X v10.4.9 or later
The download file is named: "QuickTime730_Tiger.dmg"
Its SHA-1 digest is: 191e9789a9207921424185db1dc37792c7ec78e

For Mac OS X v10.3.9
The download file is named: "QuickTime730_Panther.dmg"
Its SHA-1 digest is: 969324ae94afe82173f155d7db31dbce8c02dd0

QuickTime 7.3 for Windows Vista, XP SP2
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 14788da58ad4e1cc219d4a92b833ca49b9d99e59

QuickTime 7.3 with iTunes for Windows Vista, XP SP2
The download file is named: "iTunes75Setup.exe"
Its SHA-1 digest is: b38005b53e608dcd2b4fe18b44cc419fefbc9411

Information will also be posted to the Apple Product Security
web site: http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

 

TOP