Published: 2007-11-07T23:22+00:00    Last Updated: 2007-11-18T05:25+00:00

TRTA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Event Information

Date (UTC)    Description

2007-11-10 13:41 48Bits
TPTI-07-20: [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow
Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability (CVE-2007-4675)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.

2007-11-06 23:13 US-CERT
TA07-310A: Apple QuickTime Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

2007-11-06 19:51 US-CERT
Apple Releases Security Update to Address Multiple QuickTime Vulnerabilities
US-CERT Current Activity
Apple has released QuickTime 7.3 to address multiple vulnerabilities in QuickTime. The impacts of these vulnerabilities include arbitrary code execution and denial of service.

2007-11-05 Apple
Article ID: 306896: About the security content of QuickTime 7.3

2007-10-19 TippingPoint
TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability
Stack Overflow Vulnerability (CVE-2007-4674)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
Vulnerability Reported

2007-09-14 Zero Day Initiative (ZDI)
ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability
PICT Image Remote Stack Buffer Overflow Vulnerability (CVE-2007-4672)
The specific flaw exists in the parsing of the PICT file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack-based buffer overflow occurs, allowing the execution of arbitrary code.
Vulnerability Reported

2007-09-14 Zero Day Initiative (ZDI)
ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability
PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities (CVE-2007-4676)
The specific flaw exists in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution.
Vulnerability Reported

2007-09-14 Zero Day Initiative (ZDI)
ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability
PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities (CVE-2007-4676)
The specific flaw exists in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution running under the credentials of the user.
Vulnerability Reported

2007-09-14 Zero Day Initiative (ZDI)
ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability
Color Table Atom Remote Heap Buffer Overflow Vulnerability (CVE-2007-4677)
The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code.
Vulnerability Reported

2007-09-13 iDefense
Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability
Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability (CVE-2007-4675)
Vulnerability Reported