Published: 2007-11-07T23:22+00:00
Last Updated: 2007-11-18T05:25+00:00
TRTA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Overview
Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Event Information
Date (UTC) | Description |
2007-11-10 13:41 | 48Bits TPTI-07-20: [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability (CVE-2007-4675) This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. |
2007-11-06 23:13 | US-CERT TA07-310A: Apple QuickTime Updates for Multiple Vulnerabilities Via US-CERT Mailing List Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. |
2007-11-06 19:51 | US-CERT Apple Releases Security Update to Address Multiple QuickTime Vulnerabilities US-CERT Current Activity Apple has released QuickTime 7.3 to address multiple vulnerabilities in QuickTime. The impacts of these vulnerabilities include arbitrary code execution and denial of service. |
2007-11-05 | Apple Article ID: 306896: About the security content of QuickTime 7.3 |
2007-10-19 | TippingPoint TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability Stack Overflow Vulnerability (CVE-2007-4674) This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. Vulnerability Reported |
2007-09-14 | Zero Day Initiative (ZDI) ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability PICT Image Remote Stack Buffer Overflow Vulnerability (CVE-2007-4672) The specific flaw exists in the parsing of the PICT file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack-based buffer overflow occurs, allowing the execution of arbitrary code. Vulnerability Reported |
2007-09-14 | Zero Day Initiative (ZDI) ZDI-07-067: Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities (CVE-2007-4676) The specific flaw exists in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution. Vulnerability Reported |
2007-09-14 | Zero Day Initiative (ZDI) ZDI-07-066: Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities (CVE-2007-4676) The specific flaw exists in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution running under the credentials of the user. Vulnerability Reported |
2007-09-14 | Zero Day Initiative (ZDI) ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability Color Table Atom Remote Heap Buffer Overflow Vulnerability (CVE-2007-4677) The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code. Vulnerability Reported |
2007-09-13 | iDefense Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability (CVE-2007-4675) Vulnerability Reported |