Operating System:

[WIN]

Published:

16 May 2012

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ESB-2012.0473 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0473
                              QuickTime 7.7.2
                                16 May 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           QuickTime 7
Publisher:         Apple
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0671 CVE-2012-0670 CVE-2012-0669
                   CVE-2012-0668 CVE-2012-0667 CVE-2012-0666
                   CVE-2012-0665 CVE-2012-0664 CVE-2012-0663
                   CVE-2012-0661 CVE-2012-0660 CVE-2012-0659
                   CVE-2012-0658 CVE-2012-0265 CVE-2011-3460
                   CVE-2011-3459 CVE-2011-3458 

Reference:         ESB-2012.0458
                   ESB-2012.0114

Original Bulletin: 
   http://support.apple.com/kb/HT5261

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-05-15-1 QuickTime 7.7.2

QuickTime 7.7.2 is now available and addresses the following:

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple stack overflows existed in QuickTime's
handling of TeXML files. These issues do not affect OS X systems.
CVE-ID
CVE-2012-0663 : Alexander Gavrun working with HP's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap overflow existed in QuickTime's handling of text
tracks. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0664 : Alexander Gavrun working with HP's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in the handling of H.264
encoded movie files.
CVE-ID
CVE-2012-0665 : Luigi Auriemma working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Opening a maliciously crafted MP4 encoded file may lead to
an unexpected application termination or arbitrary code execution
Description:  An uninitialized memory access issue existed in the
handling of MP4 encoded files. For OS X Lion systems, this issue is
addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this
issue is addressed in Security Update 2012-001.
CVE-ID
CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP's Zero
Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An off by one buffer overflow existed in the handling
of rdrf atoms in QuickTime movie files. For OS X Lion systems, this
issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems,
this issue is addressed in Security Update 2012-001.
CVE-ID
CVE-2011-3459 : Luigi Auriemma working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file during progressive
download may lead to an unexpected application termination or
arbitrary code execution
Description:  A buffer overflow existed in the handling of audio
sample tables. For OS X Lion systems, this issue is addressed in OS X
Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in
Security Update 2012-002.
CVE-ID
CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in the handling of MPEG
files. For OS X Lion systems, this issue is addressed in OS X Lion
v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in
Security Update 2012-002.
CVE-ID
CVE-2012-0659 : An anonymous researcher working with HP's Zero Day
Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A stack buffer overflow existed in the QuickTime
plugin's handling of QTMovie objects. This issue does not affect OS X
systems.
CVE-ID
CVE-2012-0666 : CHkr_D591 working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Processing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of PNG files.
For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3.
For Mac OS X v10.6 systems, this issue is addressed in Security
Update 2012-001.
CVE-ID
CVE-2011-3460 : Luigi Auriemma working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A signedness issue existed in the handling of QTVR
movie files. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0667 : Alin Rad Pop working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A use after free issue existed in the handling of
JPEG2000 encoded movie files. This issue does not affect systems
prior to OS X Lion. For OS X Lion systems, this issue is addressed in
OS X Lion v10.7.4.
CVE-ID
CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of RLE
encoded movie files.
CVE-ID
CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in QuickTime's handling of
Sorenson encoded movie files. This issue does not affect OS X
systems.
CVE-ID
CVE-2012-0669 : Damian Put working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in QuickTime's handling of
sean atoms.
CVE-ID
CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)
working with HP's Zero Day Initiative

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted .pict file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
.pict files.
CVE-ID
CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the
Qualys Vulnerability & Malware Research Labs (VMRL)

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Opening a file in a maliciously crafted path may lead to an
unexpected application termination or arbitrary code execution
Description:  A stack buffer overflow existed in QuickTime's handling
of file paths. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security
Center via Secunia SVCRP

QuickTime
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer underflow existed in QuickTime's handling of
audio streams in MPEG files.
CVE-ID
CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability
Research (MSVR)


QuickTime 7.7.2 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: ed569d62b3f8c24ac8e9aec7275f17cbb14d2124

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJPsobhAAoJEPefwLHPlZEwk/sP/0C8iXVhnG481GbA03CMhKXJ
XDooIlCG6YeoeJxGfri/vqlzqcHe3R90K6R89z1dKGU2bWGvtITh95E+WKll++7F
hHYq6YC+r/o1cP1SjBi6A3swhN57m1nQZRIEnnIm+nBSxaiHA6xdRSUaK4ighLSA
jbOVfu/6NPuGSlgWBPKSISDY2FhL0GH0QVLW/piVtMTrxhizlE7dgieipAPoVvRC
SW2W0te7ujo2X167f2GS8EwplUkj/yVeScdr/6HjLkAXIQ1B9RNqTeOdyQZjTxay
32xhZTQ+JfSQzY6VSGoF0bqlK39u5UyzySIKS446OxclYI6xGKSFvTN3nBUwERd+
W+E/4k3Ry4OYEkgZ5yltXO8bJvGZtmpLOkq94Vb4w7EaEgJ452J/YjqCEEbmtAKM
0W9g1jt5av5Hv+vQ7rufR1tJ6CqkIDDr0f3qY+W/F8ZtdA8Bkvm9568d3L1Vlbai
zy89w39Z1RTPMLccZEhtd+80f75P+R3n88X5czjXYignrUJbxhM/S8meqQB5GUB9
nJvZtWB1wlACHJ/EKUTv6miK20XE1OukRyvW0o7WWplqBj5KFWvRcV0tovfybGY9
EKwmao4Hwmq+ovJBFLZj/TV6MMxsJjS9qVea/yOlzZCy+6dwok38yyMAqy+m2dLT
X2aq0dgzK7qjPx0FRyOx
=BPXs
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBT7NAiu4yVqjM2NGpAQIH5hAAo3dgR3lHayny3jNSIjyS4iGxxTT9Aa5/
GZ4LNSaCh3/ioPP1MvakKWx4+UzHWX/Dgjn5ilwX1aVX/yuXmIh/mH/ivVxDY8gP
tZKxUX7XtLyVtgut/Oh+rMWltZkMxdwlAp6LIUq9M7F788IPv0xw8U3Ukmt5CSZ5
XXn6/ZriMMHpEgxW3BNQgW3y4Fb1cao8rV1YMGq8OZfViTIFIxNgFXgfI5PhrdO/
cFIPKpg05CkMvPotkmvr0m8zeiFabfm1L2lhyAYooiNIY52I62AWzP5gHjmt5wNg
PBjMBRujlQDd2MxXz9jhL4xkB/nQxpTKyk+V6SIK1F01ZsOu5kDfVc8PLzLIzNXm
fIkTkVggr5Z3GFisLjUPemMW752jG6nU+5K6o0WHRA7+QLsIYMBt9TIyfvMgBoKR
YFF4T+cXiZaf8YOtVh4wDVeYKkTVEe5aKikHzHiLOEdSmnTidNZpGReaf9lQAvah
fXZoN9dUYPhFiuZCp8UrL2rdYncIstmCkgbdmMEMxla+jG7F3WJtBaiR+D1kTg6c
4RFPQ6kDua8WKuLMcza5/3rkFFlBA8ODQJJJVTtEo+K602reyTuwyT23KkWt6O36
sKn/NVrfnqab38FIjp0nIOQ4btSwGGWxTRbG2XbXV6+lPuG8HHHRqaSGe4Vnt6lI
BVJqtAd7iDo=
=XoBD
-----END PGP SIGNATURE-----