CERT-In Advisory CIAD-2009-04
Apple QuickTime Multiple Vulnerabilities
Original issue date:
January 29, 2009
Severity Rating: High
Systems Affected
- Apple QuickTime 7.x
- Apple QuickTime MPEG-2 Playback Component versions prior to 7.60.92.0
Overview
Multiple vulnerabilities have been reported in the Apple QuickTime media player which could be exploited by remote attackers to execute arbitrary code or cause a denial of service condition.
Description
QuickTime is a multimedia framework developed by Apple Inc. capable of handling various formats of digital video, media clips, sound, text, animation, music, and several types of interactive panoramic images.
1. RTSP URL Processing Heap Overflow Vulnerability
(CVE-2009-0001)
A heap-based buffer overflow vulnerability exists due to a boundary error in the processing of RTSP URLs in Apple QuickTime. A remote attacker could exploit this vulnerability by persuading a user to access a specially crafted RTSP URL.
2. VR Track Header Atom Heap Corruption Vulnerability
(CVE-2009-0002)
This vulnerability is caused by improper validation of transform matrix data when processing Track Header (THKD) atoms in QuickTime Virtual Reality (QTVR) movie files. A remote attacker could exploit this issue by persuading a user to view a specially crafted QTVR movie file, which triggers a heap overflow condition.
3. AVI Header nBlockAlign Heap Corruption Vulnerability
(CVE-2009-0003)
This vulnerability is caused by a specific flaw in the processing of "nBlockAlign" values in the "_WAVEFORMATEX" structure of AVI headers during the parsing of AVI files in Apple QuickTime. A remote attacker could exploit this issue by persuading a user to access a specially crafted AVI file, which triggers a heap-based buffer overflow condition.
4. MPEG-2 Video with MP3 Audio Processing Buffer Overflow Vulnerability
(CVE-2009-0004)
This vulnerability exists due to a boundary error in the processing of MPEG-2 video files containing MP3 audio content in Apple QuickTime. A remote attacker could exploit this vulnerability with a specially crafted MPEG-2 movie file with MP3 audio content, which triggers a buffer overflow condition.
5. H.263 Movie File Processing Memory Corruption Vulnerability (CVE-2009-0005)
This vulnerability is caused by an unspecified error in the processing of H.263 encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability with a specially crafted H.263 encoded movie file, which triggers a memory corruption error.
6. Cinepak Codec MDAT Heap Corruption Vulnerability
(CVE-2009-0006)
An integer signedness error exists within the processing of the MDAT atom when handling Cinepak encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability by persuading a user to view a specially crafted Cinepak-encoded movie file, which triggers a heap-based buffer overflow condition.
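Illustration added to this advisory (not Apple's code and not part of the original text): the integer signedness error class named above, shown as a flawed length check beside a hardened one. The chunk layout, buffer size and function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BUF_SIZE 64 /* assumed size of the decoder's heap buffer */

/* Constructed chunk layout (an assumption, not the Cinepak format):
 * 4-byte big-endian payload length, then the payload. */
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed check: the length is held in a signed type, so 0xFFFFFFF0 reads as
 * -16 on two's-complement targets and passes the bound test. A later
 * memcpy() would take it as a huge size_t. Returns 1 if the check accepts;
 * it never copies. */
int flawed_length_ok(const uint8_t *chunk, size_t chunk_len) {
    if (chunk_len < 4) return 0;
    int32_t len = (int32_t)read_be32(chunk);
    return len <= FRAME_BUF_SIZE;
}

/* Hardened copy: keep the length unsigned and bound it by both the
 * destination capacity and the bytes actually present in the input.
 * Returns bytes copied, or -1 if the chunk is rejected. */
long copy_chunk_payload(uint8_t *dst, size_t dst_cap,
                        const uint8_t *chunk, size_t chunk_len) {
    if (chunk_len < 4) return -1;
    uint32_t len = read_be32(chunk);
    if (len > dst_cap || len > chunk_len - 4) return -1;
    memcpy(dst, chunk + 4, len);
    return (long)len;
}

int main(void) {
    const uint8_t crafted[] = {0xFF, 0xFF, 0xFF, 0xF0, 'A', 'B'}; /* constructed */
    uint8_t frame[FRAME_BUF_SIZE];
    printf("flawed check accepts: %d\n", flawed_length_ok(crafted, sizeof crafted));
    printf("hardened copy returns: %ld\n",
           copy_chunk_payload(frame, sizeof frame, crafted, sizeof crafted));
    return 0;
}
```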
7. STSD JPEG Atom Heap Corruption Vulnerability
(CVE-2009-0007)
This vulnerability is caused by an error within the function JPEG_DComponentDispatch() when processing the image width data in JPEG atoms embedded in STSD atoms in Apple QuickTime. A remote attacker could exploit this vulnerability by persuading a user to view a specially crafted movie file containing crafted JPEG atoms, which triggers a heap-based buffer overflow condition.
8. MPEG-2 Playback Component Input Validation Vulnerability (CVE-2009-0008)
This vulnerability is caused by a boundary check error on user-supplied data in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 for Windows. A remote attacker could exploit this vulnerability with a specially crafted MPEG-2 movie file, which triggers a memory corruption error.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code in the context of the current user or cause a denial of service condition.
Solution
Update to version 7.6 or later
http://support.apple.com/downloads/
Vendor Information
Support Downloads
http://support.apple.com/kb/HT3403
http://support.apple.com/kb/HT3404
References
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-09-005/
http://www.zerodayinitiative.com/advisories/ZDI-09-006/
http://www.zerodayinitiative.com/advisories/ZDI-09-007/
http://www.zerodayinitiative.com/advisories/ZDI-09-008/
SecurityFocus
http://www.securityfocus.com/bid/33393
Secunia
http://secunia.com/advisories/33632/
SecurityTracker
http://securitytracker.com/alerts/2009/Jan/1021621.html
http://securitytracker.com/alerts/2009/Jan/1021622.html
http://securitytracker.com/alerts/2009/Jan/1021623.html
http://securitytracker.com/alerts/2009/Jan/1021624.html
http://securitytracker.com/alerts/2009/Jan/1021625.html
http://securitytracker.com/alerts/2009/Jan/1021626.html
http://securitytracker.com/alerts/2009/Jan/1021627.html
http://securitytracker.com/alerts/2009/Jan/1021628.html
CVE Name
CVE-2009-0001
CVE-2009-0002
CVE-2009-0003
CVE-2009-0004
CVE-2009-0005
CVE-2009-0006
CVE-2009-0007
CVE-2009-0008
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
