RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
BID:39087
Info
RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
| Bugtraq ID: | 39087 |
| Class: | Unknown |
| CVE: |
CVE-2010-0527 CVE-2010-0528 CVE-2010-0529 CVE-2010-0536 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2010 12:00AM |
| Updated: | Mar 31 2010 11:02PM |
| Credit: | Tom Ferris of the Adobe Secure Software Engineering Team, Alex Selivanov, Damian Put working with TippingPoint and the Zero Day Initiative, and an anonymous researcher working with TippingPoint and the Zero Day Initiative |
| Vulnerable: |
Apple QuickTime Player 7.6.5 Apple QuickTime Player 7.6.4 Apple QuickTime Player 7.6.2 Apple QuickTime Player 7.6.1 Apple QuickTime Player 7.6 |
| Not Vulnerable: |
Apple QuickTime Player 7.6.6 |
Discussion
RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
Apple QuickTime is prone to multiple vulnerabilities that may allow remote attackers to execute arbitrary code.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.6 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms.
The following individual records exist to better document these issues:
39140 Apple QuickTime PICT File Remote Heap Buffer Overflow Vulnerability
39141 Apple QuickTime BMP File Memory Corruption Vulnerability
39136 Apple QuickTime PICT File Integer Overflow Arbitrary Code Execution Vulnerability
39139 Apple QuickTime Color Table Remote Code Execution Vulnerability
Apple QuickTime is prone to multiple vulnerabilities that may allow remote attackers to execute arbitrary code.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.6 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms.
The following individual records exist to better document these issues:
39140 Apple QuickTime PICT File Remote Heap Buffer Overflow Vulnerability
39141 Apple QuickTime BMP File Memory Corruption Vulnerability
39136 Apple QuickTime PICT File Integer Overflow Arbitrary Code Execution Vulnerability
39139 Apple QuickTime Color Table Remote Code Execution Vulnerability
Exploit / POC
RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
Solution:
The vendor has released an advisory and fixes. Please see the references for details.
Solution:
The vendor has released an advisory and fixes. Please see the references for details.
References
RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
References:
References:
- Apple QuickTime Homepage (Apple)