CERT-In Advisory CIAD-2010-26
Multiple Vulnerabilities in Apple QuickTime
Original issue date: March 31, 2010
Severity Rating: High
Systems Affected
- Mac OS X Server 10.5
- Mac OS X 10.5
- Mac OS X 10.6
- Mac OS X Server 10.6
Software Affected
- Apple QuickTime versions prior to 7.6.6
Overview
Multiple vulnerabilities have been reported in Apple QuickTime, which could allow a remote attacker to execute arbitrary code, bypass certain security restrictions, cause a denial of service condition and potentially compromise a vulnerable system.
Description
1. QuickDraw Manager Heap buffer overflow Vulnerability (CVE-2009-2837)
This vulnerability is caused by an error when handling PICT images in QuickDraw Manager in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted PICT image to trigger a heap-based buffer overflow error.
2. QDM2 and QDCA Encoded Audio Content Memory Corruption Vulnerability (CVE-2010-0059)
This vulnerability is caused by an error in the processing of QDM2 encoded audio content in Apple QuickTime. A remote attacker could exploit this vulnerability via specially crafted audio content with QDM2 encoding to trigger a buffer overflow error.
3. QDM2 and QDCA Encoded Audio Content Memory Corruption Vulnerability (CVE-2010-0060)
This vulnerability is caused by an error in QuickTimeAudioSupport.qtx when processing QDMC encoded audio content in Apple QuickTime. A remote attacker could exploit this vulnerability via specially crafted audio content with QDMC encoding to trigger a memory corruption error.
4. H.263 PictureHeader Remote Code Execution Vulnerability (CVE-2010-0062)
This vulnerability is caused by an error in quicktime.qts when processing H.263 encoded movie files (.3g2) in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with H.263 encoding to trigger a heap-based buffer overflow error.
5. H.261 encoding Heap buffer overflow Vulnerability (CVE-2010-0514)
This vulnerability is caused by an error in the processing of H.261 encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with H.261 encoding to trigger a heap-based buffer overflow error.
6. H.264 encoding Memory corruption Vulnerability (CVE-2010-0515)
This vulnerability is caused by an error in the processing of H.264 encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with H.264 encoding to trigger a memory corruption error.
7. RLE encoding Heap buffer overflow Vulnerability (CVE-2010-0516)
This vulnerability is caused by an error in the parsing of samples in RLE encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with RLE encoding to trigger a heap-based buffer overflow error.
8. MJPEG Sample Dimensions Remote Code Execution Vulnerability (CVE-2010-0517)
This vulnerability is caused by an error in the processing of M-JPEG encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with M-JPEG encoding to trigger a heap-based buffer overflow error, because one value is used for calculating the size of a heap buffer while another value is used when copying data to it.
9. Sorenson encoding Heap buffer overflow Vulnerability (CVE-2010-0518)
This vulnerability is caused by an error in the processing of Sorenson encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with Sorenson encoding to trigger a memory corruption error.
10. FlashPix encoding Integer overflow Vulnerability (CVE-2010-0519)
This vulnerability is caused by an integer overflow error in the parsing of the "NumberOfTiles" field in the SubImage Header Stream of FlashPix encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with FlashPix encoding to trigger an integer overflow error.
11. FLC encoding Heap buffer overflow Vulnerability (CVE-2010-0520)
This vulnerability is caused by an error within QuickTimeAuthoring.qtx when parsing "DELTA_FLI" chunks in FLC encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with FLC encoding to trigger a heap-based buffer overflow error.
12. genl Atom Remote Code Execution Vulnerability (CVE-2010-0526)
This vulnerability is caused by an error in the processing of the "genl" atom in MPEG encoded movie files in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted movie file with MPEG encoding to trigger a heap-based buffer overflow error when decompressing data.
13. PICT image Memory corruption Vulnerability (CVE-2010-0527)
This vulnerability is caused by an integer overflow error in the processing of PICT images in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted PICT image to trigger a memory corruption error.
14. MediaVideo Compressor Name Remote Code Execution Vulnerability (CVE-2010-0528)
This vulnerability is caused by an error when handling color tables included in MediaVideo data from a sample description atom (STSD) in Apple QuickTime. A remote attacker could exploit this vulnerability via specially crafted color tables in a movie file to trigger a memory corruption error.
15. PICT image Heap buffer overflow Vulnerability (CVE-2010-0529)
This vulnerability is caused by an error in the processing of PICT images in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted PICT image to trigger a heap-based buffer overflow error.
16. BMP image processing Memory corruption Vulnerability (CVE-2010-0536)
This vulnerability is caused by an error in the processing of BMP images in Apple QuickTime. A remote attacker could exploit this vulnerability via a specially crafted BMP image to trigger a memory corruption error.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service condition.
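Added example (not part of the CERT-In advisory and not Apple's code): C showing the parser-side checks that close the two bug patterns described in items 8 and 10, namely sizing and copying a buffer from one validated value, and rejecting a count field whose product with the entry size would wrap. The struct layout, function names and the one-byte-per-pixel assumption are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record: dimensions stored twice, as in many containers. */
typedef struct {
    uint16_t desc_width, desc_height;   /* from the sample description */
    uint16_t frame_width, frame_height; /* from the encoded frame header */
} sample_dims;

/* Multiply two sizes; fail instead of wrapping around. */
static int checked_mul(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return -1;
    *out = a * b;
    return 0;
}

/* Item 8 pattern: allocate and copy with the same validated length (1 byte/pixel assumed). */
int copy_frame(const sample_dims *d, const uint8_t *src, size_t src_len,
               uint8_t **out, size_t *out_len) {
    size_t need;
    if (d->desc_width != d->frame_width || d->desc_height != d->frame_height)
        return -1;                            /* the two sources disagree */
    if (checked_mul(d->frame_width, d->frame_height, &need) || need == 0)
        return -1;
    if (src_len < need) return -1;            /* input shorter than claimed */
    if ((*out = malloc(need)) == NULL) return -1;
    memcpy(*out, src, need);                  /* same value that sized the buffer */
    *out_len = need;
    return 0;
}

/* Item 10 pattern: count * entry size must not wrap or exceed the stream length. */
int alloc_tile_table(uint32_t number_of_tiles, size_t entry_size,
                     size_t stream_len, void **out) {
    size_t bytes;
    if (checked_mul(number_of_tiles, entry_size, &bytes)) return -1;
    if (bytes == 0 || bytes > stream_len) return -1;
    return (*out = calloc(number_of_tiles, entry_size)) ? 0 : -1;
}

int main(void) {
    void *t = NULL;                           /* constructed inputs */
    printf("huge count: %d\n", alloc_tile_table(0xFFFFFFFFu, 16, 4096, &t));
    printf("sane count: %d\n", alloc_tile_table(4, 16, 4096, &t));
    free(t);
    return 0;
}
```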
Solution
Upgrade to Apple QuickTime version 7.6.6
http://www.apple.com/support/downloads/
Vendor Information
Apple
http://support.apple.com/kb/HT4077
http://support.apple.com/kb/HT4104
http://support.apple.com/kb/HT3937
References
Secunia
http://secunia.com/advisories/39133/
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-10-035/
http://www.zerodayinitiative.com/advisories/ZDI-10-036/
http://www.zerodayinitiative.com/advisories/ZDI-10-037/
http://www.zerodayinitiative.com/advisories/ZDI-10-038/
http://www.zerodayinitiative.com/advisories/ZDI-10-040/
http://www.zerodayinitiative.com/advisories/ZDI-10-041/
http://www.zerodayinitiative.com/advisories/ZDI-10-042/
http://www.zerodayinitiative.com/advisories/ZDI-10-043/
http://www.zerodayinitiative.com/advisories/ZDI-10-044/
http://www.zerodayinitiative.com/advisories/ZDI-10-045/
SecurityFocus
http://www.securityfocus.com/bid/36956
http://www.securityfocus.com/bid/39160
SecurityTracker
http://securitytracker.com/alerts/2010/Mar/1023766.html
VUPEN
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2010/0746
CVE Name
CVE-2009-2837
CVE-2010-0059
CVE-2010-0060
CVE-2010-0062
CVE-2010-0514
CVE-2010-0515
CVE-2010-0516
CVE-2010-0517
CVE-2010-0518
CVE-2010-0519
CVE-2010-0520
CVE-2010-0526
CVE-2010-0527
CVE-2010-0528
CVE-2010-0529
CVE-2010-0536
CWE Name
CWE-119
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003