About the security content of QuickTime 7.7.2

Learn about the security content of QuickTime 7.7.2.

This document describes security content of QuickTime 7.7.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".
 

QuickTime 7.7.2

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple stack overflows existed in QuickTime's handling of TeXML files. These issues do not affect OS X systems.

    CVE-ID

    CVE-2012-0663 : Alexander Gavrun working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap overflow existed in QuickTime's handling of text tracks. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0664 : Alexander Gavrun working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow existed in the handling of H.264 encoded movie files.

    CVE-ID

    CVE-2012-0665 : Luigi Auriemma working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001.

    CVE-ID

    CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001.

    CVE-ID

    CVE-2011-3459 : Luigi Auriemma working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of audio sample tables. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002.

    CVE-ID

    CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow existed in the handling of MPEG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002.

    CVE-ID

    CVE-2012-0659 : An anonymous researcher working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A stack buffer overflow existed in the QuickTime plugin's handling of QTMovie objects. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0666 : CHkr_D591 working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of PNG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001.

    CVE-ID

    CVE-2011-3460 : Luigi Auriemma working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A signedness issue existed in the handling of QTVR movie files. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0667 : Alin Rad Pop working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue existed in the handling of JPEG2000 encoded movie files. This issue does not affect systems prior to OS X Lion. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4.

    CVE-ID

    CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of RLE encoded movie files.

    CVE-ID

    CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in QuickTime's handling of Sorenson encoded movie files. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0669 : Damian Put working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow existed in QuickTime's handling of sean atoms.

    CVE-ID

    CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the handling of .pict files.

    CVE-ID

    CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Opening a file in a maliciously crafted path may lead to an unexpected application termination or arbitrary code execution

    Description: A stack buffer overflow existed in QuickTime's handling of file paths. This issue does not affect OS X systems.

    CVE-ID

    CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security Center via Secunia SVCRP

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer underflow existed in QuickTime's handling of audio streams in MPEG files.

    CVE-ID

    CVE-2012-0660: Justin Kim at Microsoft and Microsoft Vulnerability Research (MSVR)

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Last Modified: May 15, 2012
Helpful?
Yes
No
  • Last Modified: May 15, 2012
  • Article: HT5261
  • Views:

    218500
  • Rating:
    • 100.0

    (1 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked