MA-163.062009: MyCERT Alert - Multiple Remote Vulnerabilities in Apple QuickTime

Initial Release: 05 June 2009

1.0 Introduction

Multiple vulnerabilities have been reported in Apple QuickTime products. The vulnerabilities are as below:

- Apple QuickTime PICT Opcode 0x71 Heap Overflow Vulnerability
- Apple QuickTime Jpeg2000 Marker Size Heap Overflow Vulnerability
- Apple QuickTime CRGN Atom Parsing Heap Buffer Overflow Vulnerability
- Apple QuickTime PICT Opcode 0x8201 Heap Overflow Vulnerability
- Apple QuickTime Packed-bit Decoding Heap Overflow Vulnerability
- Apple QuickTime Picture Viewer FLC Delta-Encoded Frame Decompression Vulnerability
2.0 Impact

An attacker who successfully exploits these vulnerabilities can bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges.

3.0 Affected Products

The detailed list of the vulnerable products and versions is as below:

- Apple QuickTime versions below 7.6.2 on both Windows and Mac OS X
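The following check is an added example and is not part of the MyCERT advisory: it reads a software inventory and flags hosts whose Apple QuickTime version is below 7.6.2, the release the advisory gives as the cut-off. The inventory format, host names and the helper names (parse_version, is_affected, affected_hosts) are assumptions made for the example; the sample inventory lines are constructed. Versions are compared component by component as integers, so 7.6.10 is correctly treated as newer than 7.6.2 (a plain string comparison would get that wrong) and a short version such as 7.6 is padded to 7.6.0.

```python
# Added example (not part of the MyCERT advisory): flag installed QuickTime
# versions that fall below the fixed release named in the advisory (7.6.2).
from typing import List, Tuple

FIXED_VERSION = "7.6.2"  # first release the advisory treats as not affected

# Constructed sample inventory (hypothetical hosts): "<hostname>,<product>,<version>"
SAMPLE_INVENTORY = """\
ws-01,Apple QuickTime,7.6.2
ws-02,Apple QuickTime,7.6
ws-03,Apple QuickTime,7.5.5
ws-04,Apple QuickTime,7.6.10
ws-05,Apple iTunes,8.2
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.6.2' into (7, 6, 2). Non-digit characters in a component are ignored."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` sorts numerically below `fixed`.

    Both tuples are zero-padded to the same length so that '7.6' compares as
    7.6.0, and the integer comparison keeps 7.6.10 above 7.6.2.
    """
    v, f = parse_version(version), parse_version(fixed)
    width = max(len(v), len(f))
    v += (0,) * (width - len(v))
    f += (0,) * (width - len(f))
    return v < f


def affected_hosts(inventory: str) -> List[Tuple[str, str]]:
    """Return (host, version) for every QuickTime entry below the fixed version."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, product, version = (s.strip() for s in line.split(",", 2))
        if product == "Apple QuickTime" and is_affected(version):
            hits.append((host, version))
    return hits


if __name__ == "__main__":
    for host, version in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: QuickTime {version} is below {FIXED_VERSION}, upgrade required")
```

Run against a real inventory export in the same comma-separated shape, the script lists the hosts that still need the 7.6.2 update; entries for other Apple products are ignored.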
4.0 Recommendation

MyCERT highly recommends users of these applications to upgrade to the latest version of the affected products. The current latest versions are as below:

MyCERT advises users of QuickTime to be cautious of potentially malicious PSD, Jpeg2000 or QTS files.

Do not hesitate to contact MyCERT for further assistance. MyCERT can be reached at:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

5.0 References