Published: 2009-01-25T12:12+00:00
Last Updated: 2009-01-25T12:12+00:00
JVNTR-2009-04
Apple QuickTime Updates for Multiple Vulnerabilities (TA09-022A)
Overview
Apple has released QuickTime 7.6 to correct multiple vulnerabilities affecting QuickTime for Mac OS X and Windows. Attackers may be able to exploit these vulnerabilities to execute arbitrary code or cause a denial of service.
Event Information
Date (UTC) | Description |
2009-06-21 19:12 | US-CERT: Apple Releases QuickTime 7.6 (US-CERT Current Activity). Apple has released QuickTime 7.6, for both Windows and Mac OS X systems, to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. |
2009-01-22 22:47 | US-CERT: TA09-022A: Apple QuickTime Updates for Multiple Vulnerabilities (via US-CERT Mailing List). |
2009-01-21 | Apple: Apple knowledgebase article HT3403: About the security content of QuickTime 7.6. This document describes the security content of QuickTime 7.6. |
2008-10-15 | Zero Day Initiative (ZDI): ZDI-09-006: Apple QuickTime AVI Header nBlockAlign Heap Corruption Vulnerability. Vulnerability Reported (CVE-2009-0003). The specific flaw exists within the parsing of AVI files. When the AVI header contains a malformed nBlockAlign value in the _WAVEFORMATEX structure, a heap overflow may occur which can be leveraged to execute arbitrary code under the context of the current user. |
2008-09-16 | Zero Day Initiative (ZDI): ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability. Vulnerability Reported (CVE-2009-0002). The specific flaw exists within the parsing of 'tkhd' atoms found inside QuickTimeVR files. Improper validation of the transform matrix data results in a heap chunk header overwrite leading to arbitrary code execution under the context of the currently logged in user. |
2008-06-25 | Zero Day Initiative (ZDI): ZDI-09-008: Apple QuickTime STSD JPEG Atom Heap Corruption Vulnerability. Vulnerability Reported (CVE-2009-0007). The specific flaw exists in the handling of JPEG atoms embedded in STSD atoms within the function JPEG_DComponentDispatch(). When the image width data in this atom is modified, a heap corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user. |
2008-06-23 | Zero Day Initiative (ZDI): ZDI-09-007: Apple QuickTime Cinepak Codec MDAT Heap Corruption Vulnerability. Vulnerability Reported (CVE-2009-0006). The specific flaw exists in the handling of movie data encoded using the Cinepak Video Codec. When parsing the data in the MDAT atom, there exists a signedness error which leads to a heap overflow. When this occurs it can be further leveraged to execute arbitrary code under the context of the current user. |