Languages

Archived - About the security content of QuickTime 7.6.6

This document describes the security content of QuickTime 7.6.6.

This article has been archived and is no longer updated by Apple.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

QuickTime 7.6.6

  • QuickTime

    CVE-ID: CVE-2009-2837

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. The issue is addressed through improved validation of PICT images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2, and for Mac OS X v10.5 systems it is addressed in Security Update 2009-006. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0059

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of QDM2 encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0060

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of QDMC encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0062

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Damian Put and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0514

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of H.261 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.261 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Will Dormann of the CERT/CC for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0515

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption in the handling of H.264 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.264 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0516

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow in the handling of RLE encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of RLE encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0517

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Description: A heap buffer overflow in the handling of M-JPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of M-JPEG encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Damian Put and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0518

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of Sorenson encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Will Dormann of the CERT/CC for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0519

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow exists in the handling of FlashPix encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0520

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of FLC encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of FLC encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Moritz Jodeit of n.runs AG, working with TippingPoint's Zero Day Initiative, and Nicolas Joly of VUPEN Security for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0526

    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0527

    Available for: Windows 7, Vista, XP SP2

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. This issue does not affect Mac OS X systems. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0528

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption exists in the handling of color tables in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of color tables. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0529

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. This issue does not affect Mac OS X systems. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0536

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of BMP images. Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of BMP images. This issue does not affect Mac OS X systems. Credit to SkyLined of Google, Inc. for reporting this issue.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.
Last Modified: Apr 9, 2014
Helpful?
Yes
No
  • Last Modified: Apr 9, 2014
  • Article: HT4104
  • Views:

    41204
  • Rating:
    • 100.0

    (1 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked