Multiple Vulnerabilities in Apple QuickTime

Posted: November 9, 2012 in Vulnerabilities

Vulnerability: Multiple Vulnerabilities in Apple QuickTime

Danger: High
Patch: Yes
Quantity of vulnerabilities: 9

CVE ID: CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758

Impact: System Compromise
Affected Products: Apple QuickTime 7.x
Affected versions: Apple QuickTime versions prior to 7.7.3

Description:

The vulnerabilities allow a remote user to execute arbitrary code on the target system.

1. An error in the processing of PICT files. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

2. An error in the processing of PICT files. This can be exploited to corrupt memory and execute arbitrary code on the target system.

3. A use-after-free error in the handling of _qtactivex_ parameters within an HTML object.

4. An error in the processing of the transform attribute in text3GTrack elements. This can be exploited via a specially crafted TeXML file to cause a buffer overflow and execute arbitrary code on the target system.

5. The vulnerability is due to an error when processing TeXML files. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

6. The vulnerability is caused by a boundary error when processing certain MIME types in the plugin. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

7. A use-after-free error in the ActiveX control when handling the Clear() method. A remote user can execute arbitrary code on the target system.

8. The vulnerability is caused by a boundary error when processing a Targa file. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

9. The vulnerability is caused by a boundary error when processing rnet in MP4 files. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

Manufacturer URL: http://www.apple.com

Solution: To resolve the vulnerabilities, install version 7.7.3 of the product from the manufacturer.

Links:

http://support.apple.com/kb/HT5581
