Published: 2008-06-11T10:51+00:00
Last Updated: 2008-06-11T10:51+00:00
TRTA08-162C
Apple Quicktime Updates for Multiple Vulnerabilities
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Event Information
Date (UTC) | Description |
2008-06-10 20:02 | US-CERT TA08-162C: Apple Quicktime Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
2008-06-10 13:11 | SANS Internet Storm Center Upgrade to QuickTime 7.5 Apple released earlier QuickTime 7.5, which a.o. fixes a number of security bugs. |
2008-06-10 13:05 | US-CERT Apple Releases QuickTime 7.5 US-CERT Current Activity Apple has released QuickTime 7.5 to address multiple vulnerabilities. |
2008-06-09 | Apple Apple knowledgebase article HT1991: About the security content of QuickTime 7.5 This document describes the security content of QuickTime 7.5. |
2008-05-08 | Zero Day Initiative (ZDI) ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution "file: URL" arbitrary code execution (CVE-2008-1585) Vulnerability Reported The specific flaw exists in the handling of SMIL text embedded in video formats. No sanity checking is performed on values of the qt:next attribute. When the URI for this attribute is a file type not recognized by QuickTime, it is passed to url.dll!FileProtocolHandler which will allow explorer.exe to handle non-http filetypes. Successful exploitation can result in the execution of arbitrary code. |
2008-03-10 | Secunia Research 2008-9: Apple QuickTime PICT Image Parsing Buffer Overflow PICT Image Parsing Buffer Overflow (CVE-2008-1581) Vulnerability Reported |
2008-02-07 | Zero Day Initiative (ZDI) ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability Indeo Video Buffer Overflow (CVE-2008-1584) Vulnerability Reported The specific flaw exists within the parsing of Quicktime files that utilize the Indeo video codec. A lack of proper bounds checking within Indeo.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. |
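
The ZDI-08-038 entry above attributes CVE-2008-1585 to missing validation of the qt:next attribute. The following is an added example, not code from this advisory, Apple, or ZDI: a triage check that lists every `next` attribute in SMIL text already extracted from a media file and flags targets outside an allowlist of schemes. The allowlist, the function names, and the sample document (including its placeholder namespace URI) are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: for this example, only web URLs are acceptable redirect targets.
ALLOWED_SCHEMES = {"http", "https"}

def find_next_targets(smil_text):
    """Yield (element name, value) for each attribute whose local name is 'next'.

    Matching on the local name keeps the check independent of the prefix or
    namespace URI a given file binds to the QuickTime extensions.
    """
    # Cap input size before parsing untrusted files (entity-expansion DoS).
    root = ET.fromstring(smil_text)
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if name.rsplit("}", 1)[-1] == "next":
                yield elem.tag.rsplit("}", 1)[-1], value.strip()

def classify(value):
    """Return 'allowed', 'relative' or 'flag' for one redirect target."""
    scheme = urlsplit(value).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return "allowed"
    if not scheme:
        # Network-path and UNC-style values leave the media's own location.
        return "flag" if value.startswith(("//", "\\\\")) else "relative"
    return "flag"  # file:, drive letters, and any other scheme

def scan(smil_text):
    """Return only the targets a reviewer should look at."""
    return [(tag, value, verdict)
            for tag, value in find_next_targets(smil_text)
            if (verdict := classify(value)) == "flag"]

# Constructed sample; the namespace URI is a placeholder, not Apple's.
SAMPLE_SMIL = """<smil xmlns:qt="urn:example:qt-smil-extensions"
      qt:next="file:///tmp/constructed-sample.dat">
  <body><video src="http://media.example/clip.mov"/></body>
</smil>"""

if __name__ == "__main__":
    for tag, value, verdict in scan(SAMPLE_SMIL):
        print(f"{verdict}: <{tag}> next={value!r}")
```
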