CERT-MU :Advisories

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol. 2, Feb 2012

Vol. 1, Oct 2011

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU AD-2009-07

Multiple Vulnerabilities in Apple QuickTime

Original issue date: 03 June, 2009

Overview

Multiple buffer overflow vulnerabilities have been reported in Apple QuickTime which could allow remote attacker to execute arbitrary code on affected systems and failure attempts may cause denial of service condition.

Description

Interger Underflow Vulnerability

An interger underflow vulnerability has been reported in QuickDraw Manager of Apple QuickTime. This vulnerability is caused due to improper handling of PICT image files, which could lead to heap buffer overflow condition.
Heap Buffer Overflow Vulnerability in MS ADPCM Audio File formats

A Heap-based buffer overflow vulnerability has been reported in Apple QuickTime. This vulnerability is caused due to improper handling of MS ADPCM encoded audio data.
Memory Corruption Vulnerability

A Memory corruption vulnerability has been reported in Apple QuickTime. This vulnerability is caused due to improper handling of Sorenson 3 video files.
Heap Buffer Overflow Vulnerability

A Heap buffer overflow vulnerability has been reported in Apple QuickTime. This vulnerability is caused due to improper handling of FLC compressed file formats.
Buffer Overflow Vulnerability

A Buffer overflow vulnerability has been reported in Apple QuickTime. This vulnerability is caused while processing compressed PSD Image file formats.
Heap Buffer Overflow vulnerability

A Heap buffer overflow vulnerability has been reported in Apple QuickTime. This vulnerability is caused due to improper handling of PICT Image file formats.
Sign Extension Vulnerability

A sign extension issue exists in Apple QuickTime. This vulnerability is caused due to improper handling of image description atoms.
Remote code execution vulnerability

An uninitialized memory access issue exists in Apple QuickTime. This vulnerability is caused due to improper handling of movie file formats with a zero user data atom size.
Heap Buffer Overflow vulnerability

A Heap buffer overflow vulnerability has been reported in Apple QuickTime. This vulnerability is caused due to improper handling of JP2 image file formats.

A remote attacker could exploit these vulnerabilities by enticing naive users to open specially crafted Apple QuickTime files. Successful exploitation of these vulnerabilities could allow remote attacker to execute arbitrary code on the machine installed with affected softwares with privileges of currently logged-in user. Unsuccessful attempts could result in denial of service condition or application crash.