About the security content of QuickTime 7.7.3

Summary

This document describes the security content of QuickTime 7.7.3.

Products Affected

Product Security, QuickTime 7 (Windows)

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

QuickTime 7.7.3

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2011-1374 : Mark Yason of the IBM X-Force

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR)

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within an HTML object element. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2012-3751 : chkr_d591 working with iDefense VCP

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management.

    CVE-ID

    CVE-2012-3754 : CHkr_d591 working with iDefense VCP

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3755 : Senator of Pirates

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3756 : Kevin Szkudlapski of QuarksLab

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

Read more http://support.apple.com/kb/HT5581