6 New Vulnerabilities found in Apple QuickTime plug-in
Secunia is reporting six new critical vulnerabilites discovered recently in Apple QuickTime plug-ins for Windows and Mac computers, which can be exploited by malicious persons or websites to take over a computer.
Secunia Advisory: SA24359
Release Date: 2007-03-06
Last Update: 2007-03-08
Software: Apple QuickTime 7.x
These vulnerabilities are rated a highly critical and can lead to remote system access and take-over if exploited on an unpatched version of QuickTime, on a Windows or Mac computer. Note that just one of these six vulnerabilities does not affect Mac OS X.
Details:
1) An integer overflow error exists in the handling of 3GP video files, on computers running Windows Vista/XP/2000. NOTE: This does not affect QuickTime on Mac OS X.
Impact: Viewing a maliciously-crafted 3GP file may lead to an application crash or arbitrary code execution
The rest of the vulnerabilities affect computers running Mac OS X v10.3.9 and later or Windows Vista/XP/2000.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the processing of UDTA atom size values in movie files, which can be exploited to corrupt heap memory.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable: http://secunia.com/software_inspector/
Solution:
Apple has issued a patched version of QuickTime. Update to version 7.1.5.
Windows QuickTime Update:
http://www.apple.com/quicktime/download/win.html
Mac OS X QuickTime Update:
http://www.apple.com/quicktime/download/mac.html
As is the case with most of the vulnerabilities reported on my blog, or by other security websites, these takeovers can only occur when the user is running a Windows computer with Administrator privileges. The damage that can be done to your computer by this exploit is directly related to the level of your privileges to modify the operating system. Those people who surf the 'net with reduced user privileges will be less impacted, if at all, compared to Computer Administrators.
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
This weblog is licensed under a Creative Commons License.The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
