APPLE-SA-2012-05-15-1 QuickTime 7.7.2
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
- Subject: APPLE-SA-2012-05-15-1 QuickTime 7.7.2
- From: Apple Product Security <email@hidden>
- Date: Tue, 15 May 2012 13:17:43 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
QuickTime 7.7.2 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple stack overflows existed in QuickTime's
handling of TeXML files. These issues do not affect OS X systems.
CVE-ID
CVE-2012-0663 : Alexander Gavrun working with HP's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap overflow existed in QuickTime's handling of text
tracks. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0664 : Alexander Gavrun working with HP's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of H.264
encoded movie files.
CVE-ID
CVE-2012-0665 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted MP4 encoded file may lead to
an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the
handling of MP4 encoded files. For OS X Lion systems, this issue is
addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this
issue is addressed in Security Update 2012-001.
CVE-ID
CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An off by one buffer overflow existed in the handling
of rdrf atoms in QuickTime movie files. For OS X Lion systems, this
issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems,
this issue is addressed in Security Update 2012-001.
CVE-ID
CVE-2011-3459 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file during progressive
download may lead to an unexpected application termination or
arbitrary code execution
Description: A buffer overflow existed in the handling of audio
sample tables. For OS X Lion systems, this issue is addressed in OS X
Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in
Security Update 2012-002.
CVE-ID
CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of MPEG
files. For OS X Lion systems, this issue is addressed in OS X Lion
v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in
Security Update 2012-002.
CVE-ID
CVE-2012-0659 : An anonymous researcher working with HP's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow existed in the QuickTime
plugin's handling of QTMovie objects. This issue does not affect OS X
systems.
CVE-ID
CVE-2012-0666 : CHkr_D591 working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Processing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PNG files.
For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3.
For Mac OS X v10.6 systems, this issue is addressed in Security
Update 2012-001.
CVE-ID
CVE-2011-3460 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of QTVR
movie files. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0667 : Alin Rad Pop working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of
JPEG2000 encoded movie files. This issue does not affect systems
prior to OS X Lion. For OS X Lion systems, this issue is addressed in
OS X Lion v10.7.4.
CVE-ID
CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of RLE
encoded movie files.
CVE-ID
CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
Sorenson encoded movie files. This issue does not affect OS X
systems.
CVE-ID
CVE-2012-0669 : Damian Put working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in QuickTime's handling of
sean atoms.
CVE-ID
CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted .pict file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.pict files.
CVE-ID
CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the
Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a file in a maliciously crafted path may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow existed in QuickTime's handling
of file paths. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security
Center via Secunia SVCRP
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer underflow existed in QuickTime's handling of
audio streams in MPEG files.
CVE-ID
CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability
Research (MSVR)
QuickTime 7.7.2 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: ed569d62b3f8c24ac8e9aec7275f17cbb14d2124
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJPsobhAAoJEPefwLHPlZEwk/sP/0C8iXVhnG481GbA03CMhKXJ
XDooIlCG6YeoeJxGfri/vqlzqcHe3R90K6R89z1dKGU2bWGvtITh95E+WKll++7F
hHYq6YC+r/o1cP1SjBi6A3swhN57m1nQZRIEnnIm+nBSxaiHA6xdRSUaK4ighLSA
jbOVfu/6NPuGSlgWBPKSISDY2FhL0GH0QVLW/piVtMTrxhizlE7dgieipAPoVvRC
SW2W0te7ujo2X167f2GS8EwplUkj/yVeScdr/6HjLkAXIQ1B9RNqTeOdyQZjTxay
32xhZTQ+JfSQzY6VSGoF0bqlK39u5UyzySIKS446OxclYI6xGKSFvTN3nBUwERd+
W+E/4k3Ry4OYEkgZ5yltXO8bJvGZtmpLOkq94Vb4w7EaEgJ452J/YjqCEEbmtAKM
0W9g1jt5av5Hv+vQ7rufR1tJ6CqkIDDr0f3qY+W/F8ZtdA8Bkvm9568d3L1Vlbai
zy89w39Z1RTPMLccZEhtd+80f75P+R3n88X5czjXYignrUJbxhM/S8meqQB5GUB9
nJvZtWB1wlACHJ/EKUTv6miK20XE1OukRyvW0o7WWplqBj5KFWvRcV0tovfybGY9
EKwmao4Hwmq+ovJBFLZj/TV6MMxsJjS9qVea/yOlzZCy+6dwok38yyMAqy+m2dLT
X2aq0dgzK7qjPx0FRyOx
=BPXs
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden