RETIRED: Apple QuickTime Prior To 7.7.2 Multiple Arbitrary Code Execution Vulnerabilities
BID:53547
Info
RETIRED: Apple QuickTime Prior To 7.7.2 Multiple Arbitrary Code Execution Vulnerabilities
| Bugtraq ID: | 53547 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2012 12:00AM |
| Updated: | May 16 2012 11:00PM |
| Credit: | Alexander Gavrun, Luigi Auriemma, CHkr_D591, Alin Rad Pop, Damian Put, Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative, Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research |
| Vulnerable: |
Apple QuickTime Player 7.7.1 Apple QuickTime Player 7.6.8 Apple QuickTime Player 7.6.7 Apple QuickTime Player 7.6.6 (1671) Apple QuickTime Player 7.6.6 Apple QuickTime Player 7.6.5 Apple QuickTime Player 7.6.4 Apple QuickTime Player 7.6.2 Apple QuickTime Player 7.6.1 Apple QuickTime Player 7.5.5 Apple QuickTime Player 7.4.5 Apple QuickTime Player 7.4.1 Apple QuickTime Player 7.7 Apple QuickTime Player 7.64.17.73 Apple QuickTime Player 7.6.9 Apple QuickTime Player 7.6 Apple QuickTime Player 7.5 Apple QuickTime Player 7.4 |
| Not Vulnerable: |
Apple QuickTime Player 7.7.2 |
Discussion
RETIRED: Apple QuickTime Prior To 7.7.2 Multiple Arbitrary Code Execution Vulnerabilities
Apple QuickTime is prone to multiple vulnerabilities that may allow remote attackers to execute arbitrary code.
These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.7.2 are vulnerable on Windows 7, Vista and XP.
This BID is being retired. The following individual records exist to better document the issues:
53584 Apple QuickTime Prior To 7.7.2 '.pict' Files Memory Corruption Vulnerability
53583 Apple QuickTime Prior To 7.7.2 QTVR Files Remote Code Execution Vulnerability
53582 Apple QuickTime Prior To 7.7.2 'sean' Atoms Integer Overflow Vulnerability
53580 Apple QuickTime Prior To 7.7.2 Sorenson Files Buffer Overflow Vulnerability
53579 Apple QuickTime Prior To 7.7.2 RLE Files Buffer Overflow Vulnerability
53578 Apple QuickTime Prior To 7.7.2 File Path Handling Stack Overflow Vulnerability
53577 Apple QuickTime Prior To 7.7.2 QTMovie Objects Stack Overflow Vulnerability
53576 Apple QuickTime Prior To 7.7.2 H.264 Encoded Heap Overflow Vulnerability
53574 Apple QuickTime Prior To 7.7.2 Text Tracks Heap Overflow Vulnerability
53571 Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities
Apple QuickTime is prone to multiple vulnerabilities that may allow remote attackers to execute arbitrary code.
These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.7.2 are vulnerable on Windows 7, Vista and XP.
This BID is being retired. The following individual records exist to better document the issues:
53584 Apple QuickTime Prior To 7.7.2 '.pict' Files Memory Corruption Vulnerability
53583 Apple QuickTime Prior To 7.7.2 QTVR Files Remote Code Execution Vulnerability
53582 Apple QuickTime Prior To 7.7.2 'sean' Atoms Integer Overflow Vulnerability
53580 Apple QuickTime Prior To 7.7.2 Sorenson Files Buffer Overflow Vulnerability
53579 Apple QuickTime Prior To 7.7.2 RLE Files Buffer Overflow Vulnerability
53578 Apple QuickTime Prior To 7.7.2 File Path Handling Stack Overflow Vulnerability
53577 Apple QuickTime Prior To 7.7.2 QTMovie Objects Stack Overflow Vulnerability
53576 Apple QuickTime Prior To 7.7.2 H.264 Encoded Heap Overflow Vulnerability
53574 Apple QuickTime Prior To 7.7.2 Text Tracks Heap Overflow Vulnerability
53571 Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities
Exploit / POC
RETIRED: Apple QuickTime Prior To 7.7.2 Multiple Arbitrary Code Execution Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: Apple QuickTime Prior To 7.7.2 Multiple Arbitrary Code Execution Vulnerabilities
Solution:
Vendor updates are available. Please see the references for more information.
Apple QuickTime Player 7.7
Apple QuickTime Player 7.7.1
Solution:
Vendor updates are available. Please see the references for more information.
Apple QuickTime Player 7.7
-
Apple APPLE-SA-2012-05-15-1-QuickTimeInstaller.exe
http://www.apple.com/quicktime/download/
Apple QuickTime Player 7.7.1
-
Apple APPLE-SA-2012-05-15-1-QuickTimeInstaller.exe
http://www.apple.com/quicktime/download/
References
RETIRED: Apple QuickTime Prior To 7.7.2 Multiple Arbitrary Code Execution Vulnerabilities
References:
References:
- Apple QuickTime Homepage (Apple)