About the security content of QuickTime 7.7.1

This document describes the security content of QuickTime 7.7.1.

This article has been archived and is no longer updated by Apple.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."
 

QuickTime 7.7.1

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.

    CVE-ID

    CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents

    Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.

    CVE-ID

    CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.

    CVE-ID

    CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML

    Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is addressed by removing the reference to an online script. This issue does not affect OS X Lion systems. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.

    CVE-ID

    CVE-2011-3218 : Aaron Sigel of vtty.com

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in QuickTime's handling of FlashPix files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.

    CVE-ID

    CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in QuickTime's handling of FLIC files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.

    CVE-ID

    CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in QuickTime's handling of movie files. For OS X Lion systems, these issues are addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, these issues are addressed in Security Update 2011-006.

    CVE-ID

    CVE-2011-3228 : Apple

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow issue existed in the handling of PICT files. This issue does not affect Mac OS X systems.

    CVE-ID

    CVE-2011-3247 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files.

    CVE-ID

    CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow issue existed in the handling of FLC encoded movie files.

    CVE-ID

    CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow issue existed in the handling of JPEG2000 encoded movie files.

    CVE-ID

    CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the handling of TKHD atoms in QuickTime movie files. This issue does not affect Mac OS X systems.

    CVE-ID

    CVE-2011-3251 : Damian Put working with TippingPoint's Zero Day Initiative

  • QuickTime

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in QuickTime's handling of RLE encoded movie files. This issue does not affect Mac OS X systems.

    CVE-ID

    CVE-2011-3428 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
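For the "Save for Web" issue (CVE-2011-3218), previously exported pages can be audited for script references that are not fetched over TLS. The following is an added example, not Apple's code: the advisory does not give the URL the template used, so the host and file names in the sample are constructed placeholders, and `insecure_script_refs` and `scan_tree` are hypothetical helper names.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of an exported page; the host and file names are
# placeholders, not the URL the real QuickTime template referenced.
SAMPLE_EXPORT = """<html><head>
<script src="http://scripts.example.invalid/player.js"></script>
<script src="https://scripts.example.invalid/player.js"></script>
<script src="//scripts.example.invalid/player.js"></script>
<script src="local/player.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>"""

class ScriptSrcCollector(HTMLParser):
    """Collects (line, src) for every <script src=...> in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append((self.getpos()[0], src.strip()))

def insecure_script_refs(html_text):
    """Return (line, src, reason) for scripts not pinned to HTTPS or a local path."""
    collector = ScriptSrcCollector()
    collector.feed(html_text)
    collector.close()
    findings = []
    for line, src in collector.sources:
        parsed = urlparse(src)
        if parsed.scheme == "http":  # urlparse lower-cases the scheme
            findings.append((line, src, "fetched over plain HTTP"))
        elif not parsed.scheme and parsed.netloc:
            findings.append((line, src, "protocol-relative, inherits the page's scheme"))
    return findings

def scan_tree(root):
    """Map each .htm/.html file under root to its findings; clean files are omitted."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".htm", ".html")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = insecure_script_refs(fh.read())
                if found:
                    report[path] = found
    return report
```

Run `scan_tree` over the folder that holds the exported pages; any file it reports should be re-exported with the fixed version or edited so the script is loaded from a local copy.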
