Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.0517 -- [Win][Mac][OSX]
QuickTime: Execute Arbitrary Code
4 June 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: QuickTime
Publisher: Apple
Operating System: Mac OS X
Windows
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2009-0957 CVE-2009-0956 CVE-2009-0955
CVE-2009-0954 CVE-2009-0953 CVE-2009-0952
CVE-2009-0951 CVE-2009-0188 CVE-2009-0185
CVE-2009-0010
Ref: ESB-2009.0459
Comment: Exploit code has been made public for the vulnerability CVE-2009-0955.
Revision History: June 4 2009: Exploit available
June 2 2009: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2009-06-01-1 QuickTime 7.6.2
QuickTime 7.6.2 is now available and addresses the following:
QuickTime
CVE-ID: CVE-2009-0188
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of Sorenson 3 video files. This may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue by performing additional validation of Sorenson 3
video files. Credit to Carsten Eiram of Secunia Research for
reporting this issue.
QuickTime
CVE-ID: CVE-2009-0951
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted FLC compression file may lead
to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of FLC
compression files. Opening a maliciously crafted FLC compression file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2009-0952
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a maliciously crafted PSD image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow may occur while processing a
compressed PSD image. Opening a maliciously crafted compressed PSD
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
bounds checking. Credit to Damian Put working with TippingPoint's
Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2009-0010
Available for: Windows Vista and XP SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer underflow in QuickTime's handling of PICT
images may result in a heap buffer overflow. Opening a maliciously
crafted PICT file may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue by
performing additional validation of PICT images. Credit to Sebastian
Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries
of Carnegie Mellon University Computing Services for reporting this
issue.
QuickTime
CVE-ID: CVE-2009-0953
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of PICT images. Opening a maliciously crafted PICT file may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of PICT images. Credit to Sebastian Apelt working with TippingPoint's
Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2009-0954
Available for: Windows Vista and XP SP3
Impact: Opening a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of Clipping Region (CRGN) atom types in a movie file. Opening a
maliciously crafted movie file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved bounds checking. This issue does not affect
Mac OS X systems. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2009-0185
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of MS
ADPCM encoded audio data. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to Alin Rad Pop of Secunia Research for reporting
this issue.
QuickTime
CVE-ID: CVE-2009-0955
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted video file may lead to an
unexpected application termination or arbitrary code execution
Description: A sign extension issue exists in QuickTime's handling
of image description atoms. Opening a maliciously crafted Apple video
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
validation of description atoms. Credit to Roee Hay of IBM Rational
Application Security Research Group for reporting this issue.
QuickTime
CVE-ID: CVE-2009-0956
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a movie file with a maliciously crafted user data
atom may lead to an unexpected application termination or arbitrary
code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of movie files. Viewing a movie file with a zero
user data atom size may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue by
performing additional validation of movie files, and presenting a
warning dialog to the user. Credit to Lurene Grenier of Sourcefire,
Inc. (VRT) for reporting this issue.
QuickTime
CVE-ID: CVE-2009-0957
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of JP2 images. Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. Credit
to Charlie Miller of Independent Security Evaluators, and Damian Put
working with TippingPoint's Zero Day Initiative for reporting this
issue.
QuickTime 7.6.2 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
For Mac OS X v10.5.7
The download file is named: "QuickTime762_Leopard.dmg"
Its SHA-1 digest is: 9484ba3e41638935625b7eb338f0b31298f1f973
For Mac OS X v10.4.11
The download file is named: "QuickTime762_Tiger.dmg"
Its SHA-1 digest is: 74b1c170907dc402c6855b37cfe1a3432a10a92f
For Windows Vista / XP SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: f8ba0b1ef3cf5a0317ea28b31db71e79c63e48b8
QuickTime with iTunes for Windows 32-bit XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 16f5b1e787b36aece842ea5ae80bfc6bf2b32b19
QuickTime with iTunes for Windows 64-bit Vista
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: b8739f847f2b66835f4f4b542b3308de96d418ed
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJKJBK4AAoJEHkodeiKZIkBvUAH+wXt2nJzO7zaxUjV8hySZrrD
7aDnVpjjq+JTTC9BiKp2ywPtar9P6tQGqwJZDciKM4Erde0YcuqF57PHdAK9iVO7
LzV8Wy++uc7FT59jgY+wBMmBoaTQ12yykJLZCBOJJrS6C64XJUOPX4DMimaR7yu0
wVYsptCV79c5MQtcLGMmCyhtUTqhGdaZYDgeSkBJZq2rtkbGoIyzoCp7IteYrV3A
t7FTWB8Rm5fyNsa97U15eMWgXfxTxUdKEnoe8gAdirUF8I3cNaKANsjKf13eb1AF
JVbgJIhNIuL5cv6QtgJJ/b39zVQqEf3hxCFDmU5Ky7Q+C/yzDdCCbN5ncAz7uSs=
=Ybpz
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKJwajNVH5XJJInbgRAhtwAKCAEB9jW+J38Wt40sYp9gHfYPPwswCeN8ys
XV5WRFC5ysxasg3Vt1+D7+I=
=UGrF
-----END PGP SIGNATURE-----