About the security content of QuickTime 7.6.2

This document describes the security content of QuickTime 7.6.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

This article has been archived and is no longer updated by Apple.

QuickTime 7.6.2

  • QuickTime

    CVE-ID: CVE-2009-0188

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Carsten Eiram of Secunia Research for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0951

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0952

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0010

    Available for: Windows Vista and XP SP3

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: An integer underflow in QuickTime's handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0953

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in QuickTime's handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0954

    Available for: Windows Vista and XP SP3

    Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in QuickTime's handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0185

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0955

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Opening a maliciously crafted video file may lead to an unexpected application termination or arbitrary code execution

    Description: A sign extension issue exists in QuickTime's handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of description atoms. Credit to Roee Hay of IBM Rational Application Security Research Group for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0956

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Viewing a movie file with a maliciously crafted user data atom may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in QuickTime's handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files, and presenting a warning dialog to the user. Credit to Lurene Grenier of Sourcefire, Inc. (VRT) for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2009-0957

    Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

    Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators, and Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.
Last Modified:
Helpful?

Additional Product Support Information

Start a Discussion

in Apple Support Communities
See all questions on this article See all questions I have asked
United States (English)