6 New Vulnerabilities found in Apple QuickTime plug-in
Secunia is reporting six new critical vulnerabilites discovered recently in Apple QuickTime plug-ins for Windows and Mac computers, which can be exploited by malicious persons or websites to take over a computer.
Secunia Advisory: SA24359
Release Date: 2007-03-06
Last Update: 2007-03-08
Software: Apple QuickTime 7.x
These vulnerabilities are rated a highly critical and can lead to remote system access and take-over if exploited on an unpatched version of QuickTime, on a Windows or Mac computer. Note that just one of these six vulnerabilities does not affect Mac OS X.
Details:
1) An integer overflow error exists in the handling of 3GP video files, on computers running Windows Vista/XP/2000. NOTE: This does not affect QuickTime on Mac OS X.
Impact: Viewing a maliciously-crafted 3GP file may lead to an application crash or arbitrary code execution
The rest of the vulnerabilities affect computers running Mac OS X v10.3.9 and later or Windows Vista/XP/2000.
2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.
3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.
4) An integer overflow exists in the processing of UDTA atom size values in movie files, which can be exploited to corrupt heap memory.
5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.
6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.
7) An integer overflow exists in the handling of QTIF files.
8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable: http://secunia.com/software_inspector/
Solution:
Apple has issued a patched version of QuickTime. Update to version 7.1.5.
Windows QuickTime Update:
http://www.apple.com/quicktime/download/win.html
Mac OS X QuickTime Update:
http://www.apple.com/quicktime/download/mac.html
As is the case with most of the vulnerabilities reported on my blog, or by other security websites, these takeovers can only occur when the user is running a Windows computer with Administrator privileges. The damage that can be done to your computer by this exploit is directly related to the level of your privileges to modify the operating system. Those people who surf the 'net with reduced user privileges will be less impacted, if at all, compared to Computer Administrators.
Get Norton 360 Version 4.0 - All-In-One Security.
If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. 