Risk
6/1/2009
05:59 PM
George V. Hulme
George V. Hulme
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Apple Plugs A Heap of Buffer Overflow Vulnerabilities

The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.

The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.Each of the CVE-IDs listed below represents a separate vulnerabilities. Those of particular concern enable "arbitrary code execution," which when translated from security-speak to English means an attack could potentially insert software and code of their choosing on at-risk systems:

QuickTime

CVE-ID: CVE-2009-0188 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Carsten Eiram of Secunia Research for reporting this issue.

CVE-ID: CVE-2009-0951 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0952 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0010 Available for: Windows Vista and XP SP3 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: An integer underflow in QuickTime's handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

CVE-ID: CVE-2009-0953 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0954 Available for: Windows Vista and XP SP3 Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0185 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

CVE-ID: CVE-2009-0955 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted video file may lead to an unexpected application termination or arbitrary code execution Description: A sign extension issue exists in QuickTime's handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of description atoms. Credit to Roee Hay of IBM Rational Application Security Research Group for reporting this issue.

CVE-ID: CVE-2009-0956 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

Impact: Viewing a movie file with a maliciously crafted user data atom may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue exists in QuickTime's handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files, and presenting a warning dialog to the user. Credit to Lurene Grenier of Sourcefire, Inc. (VRT) for reporting this issue.

CVE-ID: CVE-2009-0957 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators, and Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

More information on the QuickTime flaws are available on Apple's support page.

Also released today is a flaw within iTunes:

iTunes 8.2

CVE-ID: CVE-2009-0950 Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow exists in iTunes when parsing "itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue.

More information on this flaw is available here.

For mobile technology and security updates, follow me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4734
Published: 2014-07-21
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CVE-2014-4960
Published: 2014-07-21
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVE-2014-5016
Published: 2014-07-21
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to appl...

CVE-2014-5017
Published: 2014-07-21
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter...

CVE-2014-5018
Published: 2014-07-21
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.