site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2007-11-05 QuickTime 7.3 QuickTime 7.3 is now available and addresses the following issues: QuickTime CVE-ID: CVE-2007-2395 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in QuickTime's handling of image description atoms. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of QuickTime image descriptions. Credit to Dylan Ashe of Adobe Systems Incorporated for reporting this issue. QuickTime CVE-ID: CVE-2007-3750 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime Player's handling of Sample Table Sample Descriptor (STSD) atoms. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of STSD atoms. Credit to Tobias Klein of www.trapkit.de for reporting this issue. QuickTime CVE-ID: CVE-2007-3751 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2 Impact: Untrusted Java applets may obtain elevated privileges Description: Multiple vulnerabilities exist in QuickTime for Java, which may allow untrusted Java applets to obtain elevated privileges. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker may cause the disclosure of sensitive information and arbitrary code execution with elevated privileges. This update addresses the issues by making QuickTime for Java no longer accessible to untrusted Java applets. Credit to Adam Gowdiak for reporting this issue. QuickTime CVE-ID: CVE-2007-4672 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT files. Credit to Ruben Santamarta of reversemode.com working with TippingPoint and the Zero Day Initiative for reporting this issue. QuickTime CVE-ID: CVE-2007-4676 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT files. Credit to Ruben Santamarta of reversemode.com working with TippingPoint and the Zero Day Initiative for reporting this issue. QuickTime CVE-ID: CVE-2007-4675 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of panorama sample atoms in QTVR (QuickTime Virtual Reality) movie files. By enticing a user to view a maliciously crafted QTVR file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing bounds checking on panorama sample atoms. Credit to Mario Ballano from 48bits.com working with the VeriSign iDefense VCP for reporting this issue. QuickTime CVE-ID: CVE-2007-4677 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in the parsing of the color table atom when opening a movie file. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of color table atoms. Credit to Ruben Santamarta of reversemode.com and Mario Ballano of 48bits.com working with TippingPoint and the Zero Day Initiative for reporting this issue. QuickTime 7.3 may be obtained from the Software Update application, or from the Apple Downloads site: http://www.apple.com/support/downloads/ For Mac OS X v10.5 The download file is named: "QuickTime730_Leopard.dmg" Its SHA-1 digest is: 581a470ce7b98b3c7e515fd8d610502a94214933 For Mac OS X v10.4.9 or later The download file is named: "QuickTime730_Tiger.dmg" Its SHA-1 digest is: 191e9789a9207921424185db1dc37792c7ec78e For Mac OS X v10.3.9 The download file is named: "QuickTime730_Panther.dmg" Its SHA-1 digest is: 969324ae94afe82173f155d7db31dbce8c02dd0 QuickTime 7.3 for Windows Vista, XP SP2 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 14788da58ad4e1cc219d4a92b833ca49b9d99e59 QuickTime 7.3 with iTunes for Windows Vista, XP SP2 The download file is named: "iTunes75Setup.exe" Its SHA-1 digest is: b38005b53e608dcd2b4fe18b44cc419fefbc9411 Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBRy+AA8gAoqu4Rp5tAQiMpggAkcS1K1tPbqHw+KvdP7e3ck2jMIAUXN83 /ghr8z5yL54pONas3GE96vsp1qyYVAzKuGoG4iRpMe+7fMYk+TOfLR7TWhaC+Usw m+NVPESANt8sKamKNdbtLyHhHEvXSi4dC8/WdIbifW115IvfAH/E/L2IDSlB6Nih jpQ83jWDluI+T/jit04A7p0aAfry8PJEjal7sQ8ZLnBHthRsel78a729Nk036dl7 +Pfh/SZedNq0v4aLH22gDTt7rImcyJ1oY4hBOLh9KGZGe1ppmCB/UtG5woAqgbFz G98/8MEQT0/bwBjsoTJ8G6eSUeMvmmUuBACSrW+EwxoUExres5zHGw== =u231 -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com