CERT-In Advisory CIAD-2008-32
Multiple vulnerabilities in Apple QuickTime 7.x
Original issue date: June 13, 2008
Severity Rating: High
Systems Affected
• Apple QuickTime Player 7.4
• Apple QuickTime Player 7.3
• Apple QuickTime Player 7.2
• Apple QuickTime Player 7.1
• Apple QuickTime Player 7.x
in Mac OS X, Windows Vista, Windows XP SP2 platforms.
Overview
Multiple vulnerabilities have been reported in Apple QuickTime that could be exploited by remote attackers to cause a denial of service (i.e. application crash) and execute arbitrary code. These vulnerabilities can be exploited by persuading users to open specially crafted media files.
Description
1. PICT image PixData structures Heap Buffer overflow Vulnerability (CVE-2008-1581)
This vulnerability is caused due to a 'heap-based buffer overflow' condition while handling the 'PixData structures' in the processing of PICT files. An attacker could exploit this vulnerability by persuading users to open a specially crafted PICT file. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution. This vulnerability does not affect Mac OS X systems.
2. AAC-encoded media Memory corruption Vulnerability (CVE-2008-1582)
This vulnerability is caused due to improper handling of AAC-encoded media files in Apple QuickTime. An attacker could exploit this vulnerability by creating a specially crafted AAC-encoded media file and persuading a user to open it. Opening a maliciously crafted media file causes a memory corruption issue, which may lead to an unexpected application termination or arbitrary code execution.
3. PICT image Heap Buffer overflow Vulnerability (CVE-2008-1583)
This vulnerability is caused due to a 'heap-based buffer overflow' condition when processing the PICT files in Apple QuickTime. An attacker could exploit this vulnerability by persuading the users to open a specially crafted PICT image. Successful exploitation of this vulnerability may result in unexpected application termination or arbitrary code execution.
4. Indeo video media Stack Buffer overflow Vulnerability (CVE-2008-1584)
This vulnerability is caused due to improper bounds checking within 'Indeo.qtx' when parsing QuickTime files that utilize the Indeo video codec. An attacker could exploit this vulnerability by creating specially crafted Indeo video codec content and persuading a user to open it. Opening a maliciously crafted media file causes a stack buffer overflow, which eventually leads to an unexpected application termination or arbitrary code execution.
5. Embedded SMIL text improper URL handling Vulnerability (CVE-2008-1585)
This vulnerability is caused due to improper handling of 'SMIL text' embedded in video formats. The 'qt:next' attribute is not sanitized before it is passed to 'url.dll!FileProtocolHandler'. An attacker could exploit this vulnerability by persuading users to open specially crafted QuickTime content in QuickTime Player. Successful exploitation of this vulnerability may result in arbitrary code
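A triage check for item 5, added here as an example and not part of the CERT-In advisory or of Apple's fix: it extracts 'qt:next' values from SMIL text and flags any value that is not an absolute URL with an allowlisted scheme. The allowlist, the function names and the sample documents are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist chosen for this example, not taken from the advisory.
ALLOWED_SCHEMES = {"http", "https", "rtsp"}

# Match qt:next="..." or qt:next='...'. A regex is used instead of an XML
# parser so that malformed SMIL text is still inspected.
QT_NEXT_RE = re.compile(r"""\bqt:next\s*=\s*(?:"([^"]*)"|'([^']*)')""", re.I)
DRIVE_RE = re.compile(r"^[A-Za-z]:[\\/]")

def classify_next(value):
    """Return (verdict, reason) for one qt:next value; default is to flag."""
    v = value.strip()
    if v.startswith(("\\\\", "//")):
        return "flag", "UNC or scheme-relative path"
    if DRIVE_RE.match(v):
        return "flag", "local drive path"
    try:
        parts = urlsplit(v)
    except ValueError:
        return "flag", "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme in ALLOWED_SCHEMES and parts.netloc:
        return "ok", "allowlisted scheme: " + scheme
    return "flag", "not an absolute URL with an allowlisted scheme"

def scan_smil(text):
    """Return one finding per qt:next attribute found in the SMIL text."""
    findings = []
    for m in QT_NEXT_RE.finditer(text):
        value = m.group(1) if m.group(1) is not None else m.group(2)
        verdict, reason = classify_next(value)
        findings.append({"value": value, "verdict": verdict, "reason": reason})
    return findings

# Constructed sample documents (not taken from any real file).
SAMPLES = [
    '<smil qt:next="http://media.example/next.mov"><body/></smil>',
    "<smil qt:next='file:///C:/placeholder/item.txt'><body/></smil>",
    '<smil qt:next="\\\\fileserver.example\\share\\item.mov"><body/></smil>',
]

if __name__ == "__main__":
    for doc in SAMPLES:
        for f in scan_smil(doc):
            print(f["verdict"], f["value"], "-", f["reason"])
```

A flagged value is a prompt for manual review of the file, not proof of exploitation; the fix remains the update to version 7.5.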
Solution
Update to version 7.5.
QuickTime 7.5 for Windows:
http://www.apple.com/support/downloads/quicktime75forwindows.html
Vendor Information
Apple Inc
http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html
References
Secunia
http://secunia.com/advisories/29293/
http://secunia.com/secunia_research/2008-9/advisory/
Zero Day
http://www.zerodayinitiative.com/advisories/ZDI-08-037/
http://www.zerodayinitiative.com/advisories/ZDI-08-038/
SecurityTracker
http://securitytracker.com/alerts/2008/Jun/1020213.html
http://securitytracker.com/alerts/2008/Jun/1020214.html
http://securitytracker.com/alerts/2008/Jun/1020215.html
http://securitytracker.com/alerts/2008/Jun/1020216.html
http://securitytracker.com/alerts/2008/Jun/1020217.html
SecurityFocus
http://www.securityfocus.com/bid/29619
CVE-Name
CVE-2008-1581
CVE-2008-1582
CVE-2008-1583
CVE-2008-1584
CVE-2008-1585
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003