BID:53571

Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities

Info

Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities

Bugtraq ID:	53571
Class:	Boundary Condition Error
CVE:	CVE-2012-0663
Remote:	Yes
Local:	No
Published:	May 15 2012 12:00AM
Updated:	Jun 28 2012 11:10PM
Credit:	Alexander Gavrun
Vulnerable:	Apple QuickTime Player 7.7.1 Apple QuickTime Player 7.6.8 Apple QuickTime Player 7.6.7 Apple QuickTime Player 7.6.6 (1671) Apple QuickTime Player 7.6.6 Apple QuickTime Player 7.6.5 Apple QuickTime Player 7.6.4 Apple QuickTime Player 7.6.2 Apple QuickTime Player 7.6.1 Apple QuickTime Player 7.5.5 + Apple Mac OS X 10.4.9 + Apple Mac OS X 10.3.9 + Apple Mac OS X 10.5 + Apple Mac OS X Server 10.4.9 + Apple Mac OS X Server 10.3.9 + Apple Mac OS X Server 10.5 Apple QuickTime Player 7.4.5 + Apple Mac OS X 10.4.9 + Apple Mac OS X 10.3.9 + Apple Mac OS X 10.5 + Apple Mac OS X Server 10.4.9 + Apple Mac OS X Server 10.3.9 + Apple Mac OS X Server 10.5 Apple QuickTime Player 7.4.1 Apple QuickTime Player 7.7 Apple QuickTime Player 7.64.17.73 Apple QuickTime Player 7.6.9 Apple QuickTime Player 7.6 Apple QuickTime Player 7.5 Apple QuickTime Player 7.4

Not Vulnerable:	Apple QuickTime Player 7.7.2

Solution / Fix

Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

Apple QuickTime Player 7.7

Apple APPLE-SA-2012-05-15-1-QuickTimeInstaller.exe
http://www.apple.com/quicktime/download/

Apple QuickTime Player 7.7.1

Apple APPLE-SA-2012-05-15-1-QuickTimeInstaller.exe
http://www.apple.com/quicktime/download/

References

Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities

References:

Apple QuickTime Homepage (Apple)
Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerabilit (TippingPoint Zero Day Initiative)
Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerabi (TippingPoint Zero Day Initiative)
Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability (TippingPoint Zero Day Initiative)
Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability ZD (Zero Day Initiative )