CERT-In Advisory CIAD-2008-21
Multiple vulnerabilities in Apple QuickTime
Original issue date: April 11, 2008
Severity Rating: High
Systems Affected
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1
Apple QuickTime Player 7.x
Overview
Multiple vulnerabilities have been reported in Apple QuickTime that could be exploited by a remote attacker to disclose potentially sensitive information or compromise a user's system. These vulnerabilities exist in the processing of movie files and can be exploited to cause memory corruption; they may allow execution of arbitrary code when a user accesses a specially crafted movie file.
Description
1. Untrusted Java applets vulnerability (CVE-2008-1013)
This vulnerability is caused by an error in Apple QuickTime while handling Java applets. An attacker could exploit this vulnerability by creating a specially crafted Java applet that de-serializes objects provided by QTJava and persuading a user to open it. Successful exploitation of this vulnerability may result in information disclosure.
2. QuickTime movie file vulnerability (CVE-2008-1014)
This vulnerability is caused by an unspecified error in Apple QuickTime while handling external URLs embedded in movie files. An attacker could exploit this vulnerability by creating a specially crafted movie file that automatically opens the external URLs embedded in it and persuading a user to open it. Successful exploitation of this vulnerability may result in information disclosure.
3. QuickTime movie file buffer overflow vulnerability (CVE-2008-1015)
This vulnerability is caused by an input validation error in Apple QuickTime while handling data reference atoms within movie files. An attacker could exploit this vulnerability by creating specially crafted data reference atoms in a movie file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
4. QuickTime memory corruption vulnerability (CVE-2008-1016)
This vulnerability is caused by memory corruption in Apple QuickTime while handling movie media tracks. An attacker could exploit this vulnerability by creating a specially crafted movie file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
5. QuickTime 'crgn' atoms heap buffer overflow vulnerability (CVE-2008-1017)
This vulnerability is caused by an unspecified error in Apple QuickTime while handling 'crgn' atoms. An attacker could exploit this vulnerability by creating specially crafted 'crgn' atoms in a movie file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
6. QuickTime 'chan' atoms heap buffer overflow vulnerability (CVE-2008-1018)
This vulnerability is caused by an unspecified error in Apple QuickTime while handling 'chan' atoms. An attacker could exploit this vulnerability by creating specially crafted 'chan' atoms in a movie file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
7. QuickTime PICT image file vulnerability (CVE-2008-1019)
This vulnerability is caused by an unspecified error in Apple QuickTime while handling records in PICT files. An attacker could exploit this vulnerability by creating a specially crafted PICT image file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
8. QuickTime PICT image file error message vulnerability (CVE-2008-1020)
This vulnerability is caused by an unspecified error in Apple QuickTime while processing error messages for PICT image files. An attacker could exploit this vulnerability by creating a specially crafted PICT image file and persuading a user to visit it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
9. QuickTime Animation codec content vulnerability (CVE-2008-1021)
This vulnerability is caused by an unspecified error in Apple QuickTime while handling Animation codec content in a QuickTime movie file. An attacker could exploit this vulnerability by creating a specially crafted PICT image file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
10. QuickTime 'VR Movie' file vulnerability (CVE-2008-1022)
This vulnerability is caused by an unspecified error in Apple QuickTime while handling 'obji' atoms within a VR movie file in a QuickTime movie file. An attacker could exploit this vulnerability by creating a specially crafted QuickTime VR movie file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
11. QuickTime 'Clip opcode' vulnerability (CVE-2008-1023)
This vulnerability is caused by an unspecified error in Apple QuickTime while handling clip opcodes in a QuickTime PICT image file. An attacker could exploit this vulnerability by creating specially crafted clip opcodes in a PICT image file and persuading a user to open it. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
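Several of the items above involve atoms inside movie files. The following is an added example, not code from CERT-In or Apple: a triage walker that checks every atom's declared size against its enclosing atom and reports 'dref' (data reference) and 'crgn' atoms. It does not reproduce the flaws themselves, which the advisory leaves unspecified; the container list, function names and sample buffers are assumptions made for illustration.

```python
import struct

# Container atoms whose payload is a sequence of child atoms (a subset,
# assumed sufficient for this sketch).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"dinf", b"clip"}
# Atom types named in the advisory that a plain atom walk reaches.
WATCHED = {b"dref", b"crgn"}

def walk_atoms(buf, start=0, end=None, depth=0, findings=None):
    """Return (offset, type, issue) tuples for watched or malformed atoms."""
    findings = [] if findings is None else findings
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        if end - pos < 8:
            findings.append((pos, "", "truncated"))
            break
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1 and end - pos >= 16:      # 64-bit extended size follows
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0 and depth == 0:         # last top-level atom runs to EOF
            size = end - pos
        name = kind.decode("latin-1")
        # Reject a declared size smaller than its own header or reaching past
        # the enclosing atom; it must never drive a later read or copy.
        if size < header or pos + size > end:
            findings.append((pos, name, "bad-size"))
            break
        if kind in WATCHED:
            findings.append((pos, name, "watched"))
        if kind in CONTAINERS and depth < 16:  # cap recursion on nested input
            walk_atoms(buf, pos + header, pos + size, depth + 1, findings)
        pos += size
    return findings

def atom(kind, payload=b"", size=None):
    """Build a constructed test atom; size overrides the honest length."""
    declared = 8 + len(payload) if size is None else size
    return struct.pack(">I4s", declared, kind) + payload

# Constructed samples, not real movie files.
GOOD = atom(b"moov", atom(b"trak", atom(b"clip", atom(b"crgn", b"\0" * 10))))
BAD = atom(b"dref", b"\0" * 8, size=0x1000)    # claims 4096 bytes, has 16
for parent in (b"dinf", b"minf", b"mdia", b"trak", b"moov"):
    BAD = atom(parent, BAD)

if __name__ == "__main__":
    print(walk_atoms(GOOD), walk_atoms(BAD))
```

A "bad-size" finding on a file received from an untrusted source is a reason to quarantine it rather than open it in an unpatched player.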
Solution
Update to version 7.4.5.
QuickTime 7.4.5 for Windows:
http://www.apple.com/support/downloads/quicktime745forwindows.html
Vendor Information
Apple Inc.
http://support.apple.com/kb/HT1241
References
Zero Day
http://zerodayinitiative.com/advisories/ZDI-08-015/
http://zerodayinitiative.com/advisories/ZDI-08-016/
http://zerodayinitiative.com/advisories/ZDI-08-014/
http://zerodayinitiative.com/advisories/ZDI-08-017/
http://zerodayinitiative.com/advisories/ZDI-08-018/
http://zerodayinitiative.com/advisories/ZDI-08-019/
ISC-SANS
http://www.isc.sans.org//diary.html?storyid=4232
Secunia
http://secunia.com/advisories/29650/
Security Focus
http://www.securityfocus.com/bid/28583/info
CVE Name
CVE-2008-1013
CVE-2008-1014
CVE-2008-1015
CVE-2008-1016
CVE-2008-1017
CVE-2008-1018
CVE-2008-1019
CVE-2008-1020
CVE-2008-1021
CVE-2008-1022
CVE-2008-1023
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003