Status Tracking Note TRTA08-016A

Apple QuickTime Updates for Multiple Vulnerabilities

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Event Information

Date (UTC)    Description
2008-02-06 20:58 Apple
Article ID: 307407: About the security content of QuickTime 7.4.1

2008-01-16 20:36 US-CERT
TA08-016A: Apple QuickTime Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

2008-01-16 18:18 US-CERT
Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime
US-CERT Current Activity
Apple has released QuickTime 7.4, iPhone v1.1.3, and iPod touch v1.1.3 to address multiple vulnerabilities in these products. The impacts of these vulnerabilities include arbitrary code execution, application termination, authentication bypass, and cross-site scripting.

2008-01-15 22:09 SANS Internet Storm Center
Apple releases QuickTime 7.4 with security fixes
Apple has just released QuickTime 7.4 which fixes several security vulnerabilities.

2008-01-14
Buffer-overflow in Quicktime Player 7.3.1.70
Vulnerability Proof Of Concept (Buffer overflow in Apple Quicktime Player - CVE-2008-0234)
The problem is a buffer-overflow which happens during the handling of the HTTP error message and its visualization in the LCD-like screen which contains info about the status of the connection.
#Cid: quicktimebof.zip

2008-01-11 Apple
Article ID: 307301: About the security content of QuickTime 7.4

2008-01-10
Buffer-overflow in Quicktime Player 7.3.1.70
Vulnerability Proof Of Concept (Buffer overflow in Apple Quicktime Player - CVE-2008-0234)
The problem is a buffer-overflow which happens during the filling of the LCD-like screen containing info about the status of the connection.
#Cid: 27225.txt

2007-10-19 TippingPoint
TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability
IDSC Atom Memory Corruption Vulnerability (CVE-2008-0033)
Vulnerability Reported

2007-09-13 iDefense
Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability
Resource Processing Heap Corruption Vulnerability (CVE-2008-0032)
Vulnerability Reported
The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs.

Reference

Date first published (UTC): 2008-01-21T11:24+00:00
Date last updated (UTC): 2008-02-25T00:00+00:00