Apple Mac OS X CVE-2012-0661 Use After Free Remote Code Execution Vulnerability
BID:53466
Info
| Bugtraq ID: | 53466 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2012-0661 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2012 12:00AM |
| Updated: | Aug 03 2012 10:42PM |
| Credit: | Damian Put working from Zero Day Initiative |
| Vulnerable: | Apple QuickTime Player 7.7.1; Apple QuickTime Player 7.6.8; Apple QuickTime Player 7.6.7; Apple QuickTime Player 7.6.6 (1671); Apple QuickTime Player 7.6.6; Apple QuickTime Player 7.6.5; Apple QuickTime Player 7.6.4; Apple QuickTime Player 7.6.2; Apple QuickTime Player 7.6.1; Apple QuickTime Player 7.5.5; Apple QuickTime Player 7.4.5; Apple QuickTime Player 7.4.1; Apple QuickTime Player 7.3.1 .70; Apple QuickTime Player 7.3.1; Apple QuickTime Player 7.1.6; Apple QuickTime Player 7.1.5; Apple QuickTime Player 7.1.4; Apple QuickTime Player 7.1.3; Apple QuickTime Player 7.1.2; Apple QuickTime Player 7.1.1; Apple QuickTime Player 7.0.4; Apple QuickTime Player 7.0.3; Apple QuickTime Player 7.0.2; Apple QuickTime Player 7.0.1; Apple QuickTime Player 7.0; Apple QuickTime Player 7.7; Apple QuickTime Player 7.64.17.73; Apple QuickTime Player 7.6.9; Apple QuickTime Player 7.6; Apple QuickTime Player 7.5; Apple QuickTime Player 7.4; Apple QuickTime Player 7.3; Apple QuickTime Player 7.2; Apple QuickTime Player 7.1; Apple Mac Os X Server 10.7.3; Apple Mac Os X Server 10.7.2; Apple Mac Os X Server 10.7.1; Apple Mac Os X Server 10.7; Apple Mac Os X 10.7.3; Apple Mac Os X 10.7.2; Apple Mac Os X 10.7.1 |
| Not Vulnerable: | Apple QuickTime Player 7.7.2; Apple Mac Os X Server 10.7.4; Apple Mac Os X 10.7.4 |
Discussion
Apple Mac OS X is prone to a remote code-execution vulnerability.
Attackers can leverage this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
The following versions are affected:
- Apple OS X Lion 10.7 through 10.7.3
- Apple OS X Lion Server 10.7 through 10.7.3
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Apple Mac Os X 10.7.2
- Apple MacOSXUpdCombo10.7.4.dmg
  For OS X Lion v10.7 and v10.7.2
  http://www.apple.com/support/downloads/

Apple QuickTime Player 7.7
- Apple APPLE-SA-2012-05-15-1-QuickTimeInstaller.exe
  http://www.apple.com/quicktime/download/

Apple Mac Os X Server 10.7.1
- Apple MacOSXServerUpdCombo10.7.4.dmg
  For OS X Lion Server v10.7 and v10.7.2
  http://www.apple.com/support/downloads/

Apple Mac Os X Server 10.7.3
- Apple MacOSXServerUpd10.7.4.dmg
  For OS X Lion Server v10.7.3
  http://www.apple.com/support/downloads/

Apple Mac Os X Server 10.7.2
- Apple MacOSXServerUpdCombo10.7.4.dmg
  For OS X Lion Server v10.7 and v10.7.2
  http://www.apple.com/support/downloads/

Apple Mac Os X 10.7.1
- Apple MacOSXUpdCombo10.7.4.dmg
  For OS X Lion v10.7 and v10.7.2
  http://www.apple.com/support/downloads/

Apple Mac Os X 10.7.3
- Apple MacOSXUpd10.7.4.dmg
  For OS X Lion v10.7.3
  http://www.apple.com/support/downloads/

Apple Mac Os X Server 10.7
- Apple MacOSXServerUpdCombo10.7.4.dmg
  For OS X Lion Server v10.7 and v10.7.2
  http://www.apple.com/support/downloads/

Apple QuickTime Player 7.7.1
- Apple APPLE-SA-2012-05-15-1-QuickTimeInstaller.exe
  http://www.apple.com/quicktime/download/
References
References:
- Apple Homepage (Apple)
- Security Update 2012-002 (Apple)