
Vulnerabilities in Apple QuickTime
Vulnerability: Multiple Vulnerabilities in Apple QuickTime
Danger: High
Patch: Yes
Quantity of vulnerabilities: 9
CVE ID: CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758
Impact: System Compromise
Affected Products: Apple QuickTime 7.x
Affected versions: Apple QuickTime versions prior to 7.7.3
Description:
The vulnerabilities allow a remote user to execute arbitrary code on the target system.
1. An error in the processing of PICT files. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.
2. An error in the processing of PICT files. This can be exploited to corrupt memory and execute arbitrary code on the target system.
3. A use-after-free error when processing _qtactivex_ parameters in an HTML object.
4. An error in the processing of the transform attribute in text3GTrack. This can be exploited via a specially crafted TeXML file to cause a buffer overflow and execute arbitrary code on the target system.
5. The vulnerability is due to an error when processing TeXML files. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.
6. The vulnerability is caused due to a boundary error when processing certain MIME types in the plugin. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.
7. A use-after-free error in the ActiveX control when handling Clear(). A remote user can execute arbitrary code on the target system.
8. The vulnerability is caused due to a boundary error when processing a Targa file. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.
9. The vulnerability is caused due to a boundary error when processing rnet in MP4 files. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.
Manufacturer URL: http://www.apple.com
Solution: To resolve the vulnerabilities, install version 7.7.3 of the product from the manufacturer.