About the security content of QuickTime 7.3

This document describes the security content of QuickTime 7.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see Apple Security Updates.

QuickTime 7.3

QuickTime

CVE-ID: CVE-2007-2395

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

Description: A memory corruption issue exists in QuickTime's handling of image description atoms. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of QuickTime image descriptions. Credit to Dylan Ashe of Adobe Systems Incorporated for reporting this issue.

QuickTime

CVE-ID: CVE-2007-3750

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

Description: A heap buffer overflow exists in QuickTime Player's handling of Sample Table Sample Descriptor (STSD) atoms. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of STSD atoms. Credit to Tobias Klein of www.trapkit.de for reporting this issue.

QuickTime

CVE-ID: CVE-2007-3751

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Untrusted Java applets may obtain elevated privileges.

Description: Multiple vulnerabilities exist in QuickTime for Java, which may allow untrusted Java applets to obtain elevated privileges. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker may cause the disclosure of sensitive information and arbitrary code execution with elevated privileges. This update addresses the issues by making QuickTime for Java no longer accessible to untrusted Java applets. Credit to Adam Gowdiak for reporting this issue.

QuickTime

CVE-ID: CVE-2007-4672

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution.

Description: A stack buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT files. Credit to Ruben Santamarta of reversemode.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

QuickTime

CVE-ID: CVE-2007-4676

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution.

Description: A heap buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT files. Credit to Ruben Santamarta of reversemode.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

QuickTime

CVE-ID: CVE-2007-4675

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution.

Description: A heap buffer overflow exists in QuickTime's handling of panorama sample atoms in QTVR (QuickTime Virtual Reality) movie files. By enticing a user to view a maliciously crafted QTVR file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing bounds checking on panorama sample atoms. Credit to Mario Ballano from 48bits.com working with the VeriSign iDefense VCP for reporting this issue.

QuickTime

CVE-ID: CVE-2007-4677

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

Description: A heap buffer overflow exists in the parsing of the color table atom when opening a movie file. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of color table atoms. Credit to Ruben Santamarta of reversemode.com and Mario Ballano of 48bits.com working with TippingPoint and the Zero Day Initiative for reporting this issue.

QuickTime

CVE-ID: CVE-2007-4674

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5, Windows Vista, XP SP2

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

Description: An integer arithmetic issue in QuickTime's handling of certain movie file atoms may lead to a stack buffer overflow. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of atom length fields in movie files. Credit to Cody Pierce of TippingPoint DVLabs for reporting this issue.