Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/1/2009
05:59 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Apple Plugs A Heap of Buffer Overflow Vulnerabilities

The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.

The software maker plugs 10 significant security vulnerabilities in its QuickTime media player, as well as flaws within iTunes. A number of flaws could lead to denial of service conditions, or remote exploit. Looks like most of these flaws affect Mac OS X, Vista, as well as XP SP3.Each of the CVE-IDs listed below represents a separate vulnerabilities. Those of particular concern enable "arbitrary code execution," which when translated from security-speak to English means an attack could potentially insert software and code of their choosing on at-risk systems:

QuickTime

CVE-ID: CVE-2009-0188 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Carsten Eiram of Secunia Research for reporting this issue.

CVE-ID: CVE-2009-0951 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0952 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0010 Available for: Windows Vista and XP SP3 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: An integer underflow in QuickTime's handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

CVE-ID: CVE-2009-0953 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0954 Available for: Windows Vista and XP SP3 Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

CVE-ID: CVE-2009-0185 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

CVE-ID: CVE-2009-0955 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Opening a maliciously crafted video file may lead to an unexpected application termination or arbitrary code execution Description: A sign extension issue exists in QuickTime's handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of description atoms. Credit to Roee Hay of IBM Rational Application Security Research Group for reporting this issue.

CVE-ID: CVE-2009-0956 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3

Impact: Viewing a movie file with a maliciously crafted user data atom may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue exists in QuickTime's handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files, and presenting a warning dialog to the user. Credit to Lurene Grenier of Sourcefire, Inc. (VRT) for reporting this issue.

CVE-ID: CVE-2009-0957 Available for: Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3 Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators, and Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

More information on the QuickTime flaws are available on Apple's support page.

Also released today is a flaw within iTunes:

iTunes 8.2

CVE-ID: CVE-2009-0950 Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow exists in iTunes when parsing "itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue.

More information on this flaw is available here.

For mobile technology and security updates, follow me on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27621
PUBLISHED: 2020-10-22
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inab...
CVE-2020-27620
PUBLISHED: 2020-10-22
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
CVE-2020-27619
PUBLISHED: 2020-10-22
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2020-17454
PUBLISHED: 2020-10-21
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal b...
CVE-2020-24421
PUBLISHED: 2020-10-21
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.