Secunia Security Advisory - Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
908ef233c634f6ea421e0b159e9b0ac2a031645e0a01f3725377110d21d96928
TITLE:
QuickTime Multiple Image/Media File Handling Vulnerabilities
SECUNIA ADVISORY ID:
SA18370
VERIFY ADVISORY:
https://secunia.com/advisories/18370/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
https://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.
1) A boundary error in the handling of QTIF images can be exploited
to cause a heap-based buffer overflow. This may allow arbitrary code
execution when a malicious QTIF image is viewed.
2) Some boundary and integer overflow/underflow errors in the
handling of TGA images can be exploited to cause a buffer overflow.
This may allow arbitrary code execution when a malicious TGA image is
viewed.
3) An integer overflow error exists in the handling of TIFF images.
This can potentially be exploited to execute arbitrary code when a
malicious TIFF image is viewed.
4) A boundary error in the handling of GIF images can be exploited to
cause a heap-based buffer overflow. This may allow arbitrary code
execution when a malicious GIF image is viewed.
5) A boundary error in the handling of certain media files can be
exploited to cause a heap-based buffer overflow. This may allow
arbitrary code execution when a malicious media file is viewed.
The vulnerabilities affect both the Mac OS X and the Windows
platforms.
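Neither Secunia nor Apple publish the affected code paths, so the following is an added illustration, not QuickTime's code and not a reproduction of any of the five bugs above: it shows the generic pattern behind issues 2) and 3), an integer overflow in the size computed from attacker-controlled image header fields that turns into a heap-based buffer overflow when the undersized allocation is filled. The 18-byte TGA header layout used here is the real format (width at offset 12, height at offset 14, bits per pixel at offset 16); the 256 MiB image limit, the function names and the constructed sample headers are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Real TGA header layout: 18 bytes, little-endian 16-bit width/height. */
#define TGA_HEADER_LEN 18
/* Assumed policy limit for a decoded image; not taken from the advisory. */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Builds a minimal uncompressed true-colour TGA header (constructed test input). */
void build_tga_header(uint8_t hdr[TGA_HEADER_LEN], uint16_t w, uint16_t h, uint8_t bpp) {
    memset(hdr, 0, TGA_HEADER_LEN);
    hdr[2] = 2;                                   /* image type 2: uncompressed true-colour */
    hdr[12] = (uint8_t)(w & 0xff); hdr[13] = (uint8_t)(w >> 8);
    hdr[14] = (uint8_t)(h & 0xff); hdr[15] = (uint8_t)(h >> 8);
    hdr[16] = bpp;
}

/* Vulnerable pattern (illustrative, not QuickTime's): the 32-bit product of
 * attacker-controlled fields wraps, so a 32768x32768x32bpp image "needs"
 * 0 bytes. malloc(0) followed by a row-by-row copy of the pixel data is the
 * heap-based buffer overflow. */
uint32_t unchecked_pixel_bytes(const uint8_t *hdr) {
    uint32_t w = le16(hdr + 12), h = le16(hdr + 14), bpp = hdr[16];
    return w * h * (bpp / 8);                     /* wraps modulo 2^32 */
}

/* Hardened version: validate each field, compute the size in 64 bits, cap it,
 * and check that the file body really carries that many bytes before
 * allocating and copying. Returns 0 on success, -1 on any rejection. */
int checked_image_alloc(const uint8_t *file, size_t file_len,
                        uint8_t **pixels, size_t *nbytes) {
    if (file_len < TGA_HEADER_LEN) return -1;
    if (file[1] != 0 || file[2] != 2) return -1;  /* only uncompressed true-colour here */
    uint32_t w = le16(file + 12), h = le16(file + 14), bpp = file[16];
    if (w == 0 || h == 0) return -1;
    if (bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -1;
    uint64_t need = (uint64_t)w * h * (bpp / 8);  /* cannot wrap: max 2^16*2^16*4 */
    if (need > MAX_IMAGE_BYTES) return -1;
    size_t id_len = file[0];                      /* image-ID field follows the header */
    size_t body = file_len - TGA_HEADER_LEN;
    if (body < id_len || body - id_len < need) return -1;   /* truncated body */
    uint8_t *buf = malloc((size_t)need);
    if (!buf) return -1;
    memcpy(buf, file + TGA_HEADER_LEN + id_len, (size_t)need);
    *pixels = buf;
    *nbytes = (size_t)need;
    return 0;
}

int main(void) {
    uint8_t hdr[TGA_HEADER_LEN];
    build_tga_header(hdr, 32768, 32768, 32);
    printf("unchecked size for 32768x32768x32: %u bytes\n", unchecked_pixel_bytes(hdr));
    uint8_t *px; size_t n;
    printf("checked alloc accepts it: %s\n",
           checked_image_alloc(hdr, sizeof hdr, &px, &n) == 0 ? "yes" : "no");
    return 0;
}
```

The same shape of check applies to the QTIF, TIFF and GIF cases: every size derived from a header field is computed in a wider type or with an explicit overflow check, compared against what the input actually contains, and bounded by a policy limit before any allocation or copy happens.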
SOLUTION:
Update to version 7.0.4.
Mac OS X (version 10.3.9 or later):
https://www.apple.com/support/downloads/quicktime704.html
Windows 2000/XP:
https://www.apple.com/quicktime/download/win.html
PROVIDED AND/OR DISCOVERED BY:
1) Varun Uppal, Kanbay.
2-3) Dejun Meng, Fortinet.
4-5) Karl Lynn, eEye Digital Security.
ORIGINAL ADVISORY:
https://docs.info.apple.com/article.html?artnum=303101
----------------------------------------------------------------------
About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
https://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
https://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------