-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0802
                    APPLE-SA-2011-08-03-1 QuickTime 7.7
                               4 August 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          QuickTime
Publisher:        Apple
Operating System: Mac OS X
                  Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2011-0252 CVE-2011-0251 CVE-2011-0250
                  CVE-2011-0249 CVE-2011-0248 CVE-2011-0247
                  CVE-2011-0246 CVE-2011-0245 CVE-2011-0213
                  CVE-2011-0211 CVE-2011-0210 CVE-2011-0209
                  CVE-2011-0187 CVE-2011-0186 

Reference:        ESB-2011.0667
                  ESB-2011.0314

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-08-03-1 QuickTime 7.7

QuickTime 7.7 is now available and addresses the following:

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted pict file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime's handling of
pict files. Viewing a maliciously crafted pict file may lead to an
unexpected application termination or arbitrary code execution. For
Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
This issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0245 : Subreption LLC working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted JPEG2000 image with QuickTime
may lead to an unexpected application termination or arbitrary code
execution
Description:  Multiple memory corruption issues existed in
QuickTime's handling of JPEG2000 images. Viewing a maliciously
crafted JPEG2000 image with QuickTime may lead to an unexpected
application termination or arbitrary code execution. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This
issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0186 : Will Dormann of the CERT/CC

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to the
disclosure of video data from another site
Description:  A cross-origin issue existed in QuickTime plug-in's
handling of cross-site redirects. Visiting a maliciously crafted
website may lead to the disclosure of video data from another site.
This issue is addressed by preventing QuickTime from following cross-
site redirects. For Mac OS X v10.6 systems, this issue is addressed
in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7
systems.
CVE-ID
CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability
Research (MSVR)

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Playing a maliciously crafted WAV file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in QuickTime's handling of
RIFF WAV files. Playing a maliciously crafted WAV file may lead to an
unexpected application termination or arbitrary code execution. For
Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
This issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in QuickTime's
handling of sample tables in QuickTime movie files. Viewing a
maliciously crafted movie file may lead to an unexpected application
termination or arbitrary code execution. For Mac OS X v10.6 systems,
this issue is addressed in Mac OS X v10.6.8. This issue does not
affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in QuickTime's handling of
audio channels in movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. For Mac OS X v10.6 systems, this issue is addressed
in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7
systems.
CVE-ID
CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted JPEG file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime's handling of
JPEG files. Viewing a maliciously crafted JPEG file may lead to an
unexpected application termination or arbitrary code execution. For
Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
This issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0213 : Luigi Auriemma working with iDefense VCP

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in QuickTime's handling
of GIF images. Viewing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution. This
issue does not affect Mac OS X systems.
CVE-ID
CVE-2011-0246 : an anonymous contributor working with Beyond
Security's SecuriTeam Secure Disclosure program

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted H.264 movie file may lead to
an unexpected application termination or arbitrary code execution
Description:  Multiple stack buffer overflows existed in the handling
of H.264 encoded movie files. Viewing a maliciously crafted H.264
movie file may lead to an unexpected application termination or
arbitrary code execution. These issues do not affect Mac OS X
systems.
CVE-ID
CVE-2011-0247 : Roi Mallo and Sherab Giovannini working with
TippingPoint's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website using Internet
Explorer may lead to an unexpected application termination or
arbitrary code execution
Description:  A stack buffer overflow existed in the QuickTime
ActiveX control's handling of QTL files. Visiting a maliciously
crafted website using Internet Explorer may lead to an unexpected
application termination or arbitrary code execution. This issue does
not affect Mac OS X systems.
CVE-ID
CVE-2011-0248 : Chkr_d591 working with TippingPoint's Zero Day
Initiative

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in the handling of STSC
atoms in QuickTime movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in the handling of STSS
atoms in QuickTime movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in the handling of STSZ
atoms in QuickTime movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative

QuickTime
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in the handling of STTS
atoms in QuickTime movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue does not affect Mac OS X v10.7 systems.
CVE-ID
CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero
Day Initiative


QuickTime 7.7 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

For Mac OS X v10.5.8
The download file is named: "QuickTime77Leopard.dmg"
Its SHA-1 digest is: 0deb99cc44015af7c396750d2c9dd4cbd59fb355

For Windows 7 / Vista / XP SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: a99f61d67be6a6b42e11d17b0b4f25cd88b74dc9

QuickTime is incorporated into Mac OS X v10.6 and later.
QuickTime 7.7 is not presented to systems running
Mac OS X v10.6 or later.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iQEcBAEBAgAGBQJOOZuHAAoJEGnF2JsdZQeeNWIH/A+KRxzYTBC5nCZQ6m/sRdU0
OrauYjVbXIj1LUgMS9+I0wW4Zg7xtGBEjYBnqiuNuajP5W2+Ts8mNe75ZlEFlNto
KFQI7NS/OsTrjCTR1m1sF2zvsyMKDOjviIy90+PDGKejC8c3Zu/Y8GSdZ++I4aEf
J2g7BqhBDW/RFOemPGrcvr/iwu3twdkiAHeLXFCcecNCKjSUfoxXDuPd/Ege/kS7
95wsNkLjypSEuLpcmjATSXp5X58nzbUCsrQ2doPzLy1/8oWiG9XsiZznmcYlLhHg
trYm+KIMdqBOQWI3uhG+3dG6l2xkJxdYNxHRHXFh78QH0NblHg9u3PmhELUBeXU=
=H+iO
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTjnWpu4yVqjM2NGpAQI6og/+M035T4+aju3DUT/BBAsCYoCt4D86sd5C
zg5WVKCshTiIZFkaRReIs4+Pbt3xqbfOCgx2oxqhEhJfbrl7sHg1Xs5b3wC3mOp2
4VeJDjD9zOhC3z8TK1T2XvRdqUraUfcY6jfko5Nd5ejTVL8597DS0VfPeU00TgS9
CC5y6GyadspctSyB4G8QMqMPIo82wt78wl91L8ickzDD19rSjC/sZzi89oXNfoqG
AH698vceO++6lvzLrfKG1w6yR9XUw85a83sC6vk28l98jFwS+ySHHYnHxdJ9BT/5
wM9Zh9hgbADBy2KMmVtcEyLsyIW6lfxF4eX4AGXqKsY2thV/E0JIem0xsvf+zfB1
rFD+iKdYJDQtb2CsHZahWM+tOx6JYxl0lmfA4jPGL9nrGsH27xxsSeYwVUBr2gua
dGblnJ/DRPY0av4pQLGUJxJ/iRPZExvWTfbEOtZqHQ3dTw++/8xyOeM3WsP4muJk
rwn81NasFoFMZBCgx5B25lNUke/OaMu9fmo7WEZjJwEPCfDfHBPNMOWTI3th7VZB
Spt39QuzcokKO61dwS1VUCpBUpKiW2KLN6DPl092u1rxszaJ06LsxXctih+x5/27
GByf4brWzGvW+9OeSTFA51QGIGqGbpMIRY2gqShbQj/a4J3Tv2onHvnFBLWtixgj
DejAd4d/TH4=
=OSDa
-----END PGP SIGNATURE-----