===========================================================================
             AUSCERT External Security Bulletin Redistribution

     ESB-2009.0517 -- [Win][Mac][OSX] QuickTime: Execute Arbitrary Code
                               4 June 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              QuickTime
Publisher:            Apple
Operating System:     Mac OS X
                      Windows
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2009-0957 CVE-2009-0956 CVE-2009-0955
                      CVE-2009-0954 CVE-2009-0953 CVE-2009-0952
                      CVE-2009-0951 CVE-2009-0188 CVE-2009-0185
                      CVE-2009-0010

Ref:                  ESB-2009.0459

Comment: Exploit code has been made public for the vulnerability
         CVE-2009-0955.

Revision History:     June 4 2009: Exploit available
                      June 2 2009: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2009-06-01-1 QuickTime 7.6.2

QuickTime 7.6.2 is now available and addresses the following:

QuickTime
CVE-ID: CVE-2009-0188
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Carsten Eiram of Secunia Research for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0951
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0952
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0010
Available for: Windows Vista and XP SP3
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
Description: An integer underflow in QuickTime's handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0953
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0954
Available for: Windows Vista and XP SP3
Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0185
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0955
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Opening a maliciously crafted video file may lead to an unexpected application termination or arbitrary code execution
Description: A sign extension issue exists in QuickTime's handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of description atoms. Credit to Roee Hay of IBM Rational Application Security Research Group for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0956
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Viewing a movie file with a maliciously crafted user data atom may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in QuickTime's handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files, and presenting a warning dialog to the user. Credit to Lurene Grenier of Sourcefire, Inc. (VRT) for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0957
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators, and Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime 7.6.2 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

For Mac OS X v10.5.7
The download file is named: "QuickTime762_Leopard.dmg"
Its SHA-1 digest is: 9484ba3e41638935625b7eb338f0b31298f1f973

For Mac OS X v10.4.11
The download file is named: "QuickTime762_Tiger.dmg"
Its SHA-1 digest is: 74b1c170907dc402c6855b37cfe1a3432a10a92f

For Windows Vista / XP SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: f8ba0b1ef3cf5a0317ea28b31db71e79c63e48b8

QuickTime with iTunes for Windows 32-bit XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 16f5b1e787b36aece842ea5ae80bfc6bf2b32b19

QuickTime with iTunes for Windows 64-bit Vista
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: b8739f847f2b66835f4f4b542b3308de96d418ed

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager.
If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
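
An added example, not part of Apple's or AusCERT's text: one way to check downloaded QuickTime 7.6.2 installers against the SHA-1 digests listed in the advisory above. The file names and digests are the ones published above; the function names and the directory-scan helper are assumptions made for this example.

```python
import hashlib
import hmac
from pathlib import Path

# File names and SHA-1 digests exactly as published in APPLE-SA-2009-06-01-1.
PUBLISHED_SHA1 = {
    "QuickTime762_Leopard.dmg": "9484ba3e41638935625b7eb338f0b31298f1f973",
    "QuickTime762_Tiger.dmg": "74b1c170907dc402c6855b37cfe1a3432a10a92f",
    "QuickTimeInstaller.exe": "f8ba0b1ef3cf5a0317ea28b31db71e79c63e48b8",
    "iTunesSetup.exe": "16f5b1e787b36aece842ea5ae80bfc6bf2b32b19",
    "iTunes64Setup.exe": "b8739f847f2b66835f4f4b542b3308de96d418ed",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(path, published=PUBLISHED_SHA1):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    expected = published.get(Path(path).name)
    if expected is None:
        return "unlisted"  # name is not in the advisory, nothing to compare against
    actual = sha1_of_file(path)
    # Case-insensitive, constant-time comparison of the two hex strings.
    return "ok" if hmac.compare_digest(actual, expected.lower()) else "mismatch"


def check_directory(directory, published=PUBLISHED_SHA1):
    """Check every advisory-listed file that is present in a download directory."""
    results = {}
    for name in published:
        candidate = Path(directory) / name
        if candidate.is_file():
            results[name] = check_download(candidate, published)
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in check_directory(target).items():
        print(f"{status:9} {name}")
```

A `mismatch` result means the file on disk is not the one the advisory describes (a truncated download, a later build, or a substituted file) and it should not be installed until the source is confirmed.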