CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 2nd, 2009

Apple Patches Security Vulnerabilities In QuickTime 7.6.2

Apple today released QuickTime 7.6.2 with fixes for a number of security vulnerabilities, some of which could lead to arbitrary code execution attacks.

The update, available for Mac OS X, Windows XP and Windows Vista, covers a total of 10 documented vulnerabilities that could be exploited via specially crafted malicious movie, video, image and audio files.

The updates include:

CVE-2009-0188: A memory corruption issue exists in QuickTime’s handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0951: A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0952: A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0010: An integer underflow in QuickTime’s handling of PICT may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0953: A heap buffer overflow exists in QuickTime’s handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0954: A heap buffer overflow exists in QuickTime’s handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0185: A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0955: A sign extension issue exists in QuickTime’s handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0956: An uninitialized memory access issue exists in QuickTime’s handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution.

CVE-2009-0957: A heap buffer overflow exists in QuickTime’s handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution.

The update is available via the Software Update utility in Mac OS X and Apple’s Windows Automatic Software Update tool in Windows. QuickTime 7.6.2 may also be obtained from the QuickTime Downloads site at http://www.apple.com/quicktime/download/
