CERT-MU AD-2008-13

Multiple Vulnerabilities in QuickTime Patched by Apple

Original Issue Date: 10th June 2008

Overview

The following vulnerabilities exist in Apple QuickTime:

  • PixData Structure Vulnerability
  • AAC-encoded Vulnerability
  • PICT File Heap Overflow Vulnerability
  • Indeo Video Media Stack Overflow Vulnerability
  • File URL Handling Vulnerability

Description

PixData Structure Vulnerability

A vulnerability in Apple QuickTime may allow for remote code-execution attacks. The flaw lies in the processing of PICT files with crafted PixData structures due to improper bounds checking. Exploitation would require the victim to view a malicious PICT file.

AAC-encoded Vulnerability

A vulnerability in Apple QuickTime may allow for remote code-execution attacks. The flaw lies in the processing of AAC-encoded files due to improper validation checks. Exploitation would require the victim to view a malicious media file.

PICT File Heap Overflow Vulnerability

A vulnerability in Apple QuickTime may allow for remote code-execution attacks. The flaw is a heap overflow in the processing of specially crafted .PICT files. Exploitation would require the victim to view a malicious image file.

Indeo Video Media Stack Overflow Vulnerability

A vulnerability in Apple QuickTime may allow for remote code-execution attacks. The flaw is a stack overflow in the processing of specially crafted Indeo video media files. Exploitation would require the victim to view a malicious Indeo video media file.

File URL Handling Vulnerability

A vulnerability in Apple QuickTime may allow for remote code-execution attacks. A specially crafted file could use the file: URL to launch arbitrary applications. Exploitation would require the victim to view a malicious QuickTime file.

Affected systems  

QuickTime

Main threat vectors

Web; Locally logged-on user

Impact

PixData Structure Vulnerability

Opening a maliciously crafted PICT image file may lead to an unexpected application termination or arbitrary code execution.

AAC-encoded Vulnerability

Opening maliciously crafted AAC-encoded media content may lead to an unexpected application termination or arbitrary code execution.

PICT File Heap Overflow Vulnerability

Opening a maliciously crafted PICT image file may lead to an unexpected application termination or arbitrary code execution.

Indeo Video Media Stack Overflow Vulnerability

Viewing maliciously crafted Indeo video media content may lead to an unexpected application termination or arbitrary code execution.

File URL Handling Vulnerability

Playing maliciously crafted QuickTime content in QuickTime Player may lead to arbitrary code execution.

Solution

Upgrade to QuickTime 7.5.

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Vendor Information

Apple  

CVE-Name

CVE-2008-1581

CVE-2008-1582

CVE-2008-1583

CVE-2008-1584

CVE-2008-1585 

References

Apple

Last Updated 20-Jul-2011