Apple QuickTime Multiple Vulnerabilities

ID: IRCAD2014023174
Release Date: 2014-02-26
Criticality level: Highly critical
Software:

Apple QuickTime 7.x

Description:

Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

1) An error when handling track lists can be exploited to dereference an uninitialized pointer.

2) A boundary error when handling H.264 encoded movie files can be exploited to cause a buffer overflow.

3) An out-of-bounds memory write exists when handling QuickTime image descriptions.

4) A signedness error exists when handling "stsz" atoms.

5) A boundary error when handling "ftab" atoms can be exploited to cause a buffer overflow.

6) A boundary error when handling "dref" atoms can be exploited to corrupt memory.

7) A boundary error when handling "ldat" atoms can be exploited to cause a buffer overflow.

8) A boundary error when handling PSD images can be exploited to cause a buffer overflow.

9) An out-of-bounds memory write exists when handling "ttfo" elements.

10) A boundary error when handling "clef" atoms can be exploited to cause a buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 7.7.5.
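Item 4 names a signedness error in "stsz" atom handling without describing the flaw. The following C code is an added illustration of that bug class from the defensive side, not code from Apple or from this advisory: it validates an "stsz" body using the field layout of the public QuickTime file format, and the function names, error codes and `max_sample` cap are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { STSZ_OK = 0, STSZ_TRUNCATED = -1, STSZ_BAD_COUNT = -2, STSZ_BAD_ENTRY = -3 };

/* Atom fields are big-endian and never negative: decode as unsigned. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate an "stsz" body (the bytes after the 8-byte size/type header):
 * version(1) flags(3) sample_size(4) entry_count(4) table(4 * entry_count).
 * max_sample is a caller-chosen policy cap (assumption of this example). */
int stsz_validate(const uint8_t *body, size_t len, uint32_t max_sample,
                  uint32_t *count_out) {
    if (len < 12) return STSZ_TRUNCATED;
    uint32_t sample_size = be32(body + 4);
    uint32_t count = be32(body + 8);
    if (sample_size > max_sample) return STSZ_BAD_ENTRY;
    if (sample_size == 0) { /* 0 means a per-sample size table follows */
        /* Held in an int32_t, 0xFFFFFFFF would read as -1 and pass a
         * "count <= limit" test. Stay unsigned and divide rather than
         * multiply so count * 4 cannot wrap. */
        if (count > (len - 12) / 4) return STSZ_BAD_COUNT;
        for (uint32_t i = 0; i < count; i++)
            if (be32(body + 12 + (size_t)i * 4) > max_sample)
                return STSZ_BAD_ENTRY;
    }
    *count_out = count;
    return STSZ_OK;
}

/* Constructed sample bodies, not taken from any real file. */
static const uint8_t GOOD[] = {0,0,0,0, 0,0,0,0, 0,0,0,2,
                               0,0,0,0x10, 0,0,0,0x20};
static const uint8_t HUGE_COUNT[] = {0,0,0,0, 0,0,0,0, 0xFF,0xFF,0xFF,0xFF};

int main(void) {
    uint32_t n = 0;
    printf("good: %d\n", stsz_validate(GOOD, sizeof GOOD, 1u << 20, &n));
    printf("huge count: %d\n",
           stsz_validate(HUGE_COUNT, sizeof HUGE_COUNT, 1u << 20, &n));
    return 0;
}
```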

Solution:

Update to version 7.7.5.

References:
APPLE-SA-2014-02-25-3:
Secunia:

Creation date: 12 Esfand 1392