On CNET: Start your tech shopping now
BNET Business Network:
BNET
TechRepublic
ZDNet

March 5th, 2007

Serious QuickTime bugs bite Windows Vista, Mac OS X

Posted by Ryan Naraine @ 1:56 pm

Categories: Apple, Digital rights management, Exploit code, Hackers, Microsoft, Patch Watch, Pen testing, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Windows Vista

Tags: Apple Mac OS, Apple Macintosh, Apple QuickTime, Execution, Microsoft Windows Vista, Microsoft Windows, Apple Mac OS X, File, Ryan Naraine

In Focus » See more posts on: Apple Security, Vista

Multiple flaws in Apple's QuickTime media player could put millions of Windows and Mac users at risk of code execution attacks, Apple confirmed in an advisory issued today.

Apple QuickTimeA mega-update from Cupertino plugs a total of eight code execution vulnerabilities in QuickTime, all affecting Windows Vista, Microsoft's new operating system. The most serious of the flaws could allow an attacker to use audio and video files to take full control of a vulnerable machine.

In all, the new QuickTime 7.1.5  plugs a total of eight holes affecting Mac OS X, Windows 2000, Windows XP and Windows Vista users.  All eight flaws are considered highly critical because of the risk of code execution attacks.

Vulnerability #1 (Windows Vista/XP/2000):  Viewing a maliciously-crafted 3GP file may lead to an application crash or arbitrary code execution. This is caused by an integer overflow in QuickTime's handling of 3GP video files. By enticing a user to open a malicious movie, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. This issue does not affect Mac OS X.

Vulnerability #2 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Viewing a maliciously-crafted MIDI file may lead to an application crash or arbitrary code execution because of a heap buffer overflow in QuickTime's handling of MIDI files.  An attacker could exploit this bug by enticing a user to open a malicious MIDI file. This could lead to an application crash or arbitrary code execution.

Vulnerability #3 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Viewing a maliciously-crafted Quicktime movie file may lead to an application crash or arbitrary code execution. Apple describes this as a heap buffer overflow in the way the media player handles QuickTime movie files.  Code execution attacks are possible, Apple confirmed.

Vulnerability #4 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Viewing a maliciously-crafted Quicktime movie file may lead to an application crash or arbitrary code execution because of an integer overflow in QuickTime's handling of UDTA atoms in movie files. This could be exploited to cause denial-of-service or arbitrary code execution attacks.

Vulnerability #5 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): A heap buffer overflow in QuickTime's handling of PICT files could allow an attacker to launch code execution attacks when rigged PICT files are viewed.

Vulnerability #6 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Opening a maliciously-crafted QTIF file may lead to an application crash or arbitrary code execution because of a stack buffer overflow exists in QuickTime's handling of QTIF files. "By enticing a user to access a maliciously-crafted QTIF file, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution," Apple warned.

Vulnerability #7 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): An integer overflow in the way QuickTime handles QTIF files could allow a maliciously crafted QTIF file to be used in code execution attacks.

Vulnerability #8 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Opening a maliciously-crafted QTIF file may lead to an application crash or arbitrary code execution because of a heap buffer overflow in the media player's handling of QTIF files.

Apple is strongly recommending that users upgrade to QuickTime 7.1.5 via the Software Update or from the download area in the QuickTime site.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 113 Talkback(s)
the title is wrong, because Vista has UAC and Protected mode
the title is wrong, because Vista has UAC and Protected mode and this helps to reduce the damages and prevent system access.... (Read the rest)
Posted by: qmlscycrajg Posted on: 09/13/07 You are currently: a Guest | | Terms of Use
Question for you Ryan -  Confused by religion | 03/05/07
UAC will pop up if the malware tries to change your system  georgeou | 03/05/07
Department Of Transportation bites back at Microsoft .  I'm Ye, the MS SHILL . | 03/06/07
sheesh  Badgered | 03/06/07
you read wrong they are waiting  SO.CAL Guy | 03/06/07
Support for Linux  mdsmedia | 03/06/07
Yes, he implied wrong but your reasoning is shoddy.  Kid Icarus-21097050858087920245213802267493 | 09/12/07
Even Intel is holding back because of MS Vista .  I'm Ye, the MS SHILL . | 03/06/07
well...  Badgered | 03/06/07
he states this but  SO.CAL Guy | 03/06/07
Doesn't Apple test their code?  NonZealot | 03/05/07
Did you catch the new Maddox update?  Michael Kelly | 03/05/07
HILARIOUS!!!  NonZealot | 03/05/07
Thanks!  KTLA | 03/05/07
Zealotry  frgough | 03/06/07
ok...  Badgered | 03/06/07
only OS X?  SirRoundSound | 03/06/07
What?  Badgered | 03/06/07
sorry ... zealot comment not aimed at you  SirRoundSound | 03/06/07
That depends.  Joel R | 03/06/07
Question?  cashaww | 03/07/07
I don't completely disagree  Badgered | 03/13/07
Umm...  rapson | 03/06/07
Re: Umm...  SirRoundSound | 03/06/07
I guess he means  zkiwi | 03/06/07
thank you  Badgered | 03/06/07
Microsoft built computer ??  blaze1024 | 03/07/07
It has better be more secure  xuniL_z | 03/06/07
By your logic  msalzberg | 03/06/07
Bug fixes are good  MacGeek2121 | 03/06/07
Missing great content  Timpraetor | 03/06/07
I wonder how many of those computers  georgep_z | 03/06/07
HELLO WINDOWS ZEALOT!!!`  nix_hed | 03/07/07
Not NonZealot,  Kid Icarus-21097050858087920245213802267493 | 09/12/07
I just wish I could STOP QUICKTIME....  Feldwebel Wolfenstool | 03/05/07
The biggest pain in the ass utility for sure  klumper | 03/05/07
Quicktime isn't the PITA. Users are  labarker | 03/06/07
Wrong! The worst piece of annoyance ware is Windows  MacGeek2121 | 03/06/07
A better nick for you: "MacFanboy"  A_Selby | 03/08/07
Or have they FINALLY ended this practice with the later editions?  klumper | 03/05/07
Don't forget  xuniL_z | 03/05/07
FYI this applies to both platforms  klumper | 03/05/07
Vista?!  Kobashrer | 03/05/07
Expect sability... from Microsoft?!?!  stevej@... | 03/05/07
i've installed windows vista and have had no problems what so ever  SO.CAL Guy | 03/06/07
That's not accurate.  xuniL_z | 03/06/07
Mac OSX and most Linux distros are more stable than Windows will ever be.  MacGeek2121 | 03/06/07
How many people would bother posting on a forum if they had zero problems?  PB_z | 03/06/07
Sounds logical  A_Selby | 03/06/07
XP had the same growing pains  xuniL_z | 03/06/07
"If I worked for MS"?  Ole Man | 03/07/07
Steve Jobs knows exactly what you need running on your Mac  SO.CAL Guy | 03/06/07
probably should tell you  xuniL_z | 03/06/07
Quicktime autoloading: the remedy is with you  labarker | 03/06/07
how to stop QT  A_Selby | 03/06/07
There us an easy way.  rob@... | 03/06/07
QT on Mac OS 10.3.9  paul351 | 03/05/07
Are you saying Apple's patches aren't flawless?  PB_z | 03/06/07
I always install Mac updates and have NEVER had a problem  MacGeek2121 | 03/06/07
How does this affect MacOS?  kraterz | 03/05/07
Makes me laugh  NonZealot | 03/05/07
Same story on Windows  PB_z | 03/06/07
Server mentality  frgough | 03/06/07
Why?  NonZealot | 03/06/07
Very common misconception  toadlife | 03/06/07
It does.  Rick_K | 03/06/07
Mitigated further with IE7 on Vista  PB_z | 03/06/07
ZDNet and phone number  Fred Fredrickson | 03/06/07
(nt)I gave em' the number to my local movie theater  toadlife | 03/06/07
Firefox is looking at Protected mode but won't commit  georgeou | 03/06/07
Linux is safe  Linux Geek | 03/06/07
absolutely right  releasedfire | 03/06/07
You've got to be kidding! No software,  blaze1024 | 03/07/07
That does not answer my question  releasedfire | 03/07/07
OpenOffice doesn't have too far to go  A_Selby | 03/08/07
No SW? Are you mad?  A_Selby | 03/08/07
Mac OS X is UNIX, Linux is UNIX, Windoz NOT  d0c_h0l1day | 03/07/07
MacOS X is NOT UNIX, it is UNIX BASED.  SGIOctane2 | 03/08/07
Apple is so arrogant and proud that hackers do not pay serious attention...  Vily Clay | 03/06/07
THANKS AGAIN, APPLE!  QueenMama | 03/06/07
poor poor person  SO.CAL Guy | 03/06/07
My God, Man!  QueenMama | 03/06/07
And use facts  Imaginos1892 | 03/06/07
Macs don't impress me.....  kwsjr82 | 03/06/07
You asked  Imaginos1892 | 03/06/07
Do you have a Best Buy near by?  Badgered | 03/06/07
There's a small retail store  msalzberg | 03/06/07
Believe it or not, I stand corrected  kwsjr82 | 03/08/07
And there's more...  A_Selby | 03/08/07
Thank you. I've been wanting to say that to him  mdsmedia | 03/06/07
Try your IT Department  TechnoCritter | 03/06/07
No viruses or high threat trojans for me in years...  A_Selby | 03/08/07
How do you know?  Joel R | 03/09/07
Cheap Shot Title - Sensationalism Sells Articles  Timpraetor | 03/06/07
Cheap Shot? How true! The media are all the same  labarker | 03/06/07
Even worse here.  Rick_K | 03/06/07
Time to Get Rid of QT!  paulp575#dog-walker | 03/06/07
QuickTime is much, MUCH more than just codecs.  Joel R | 03/06/07
QuickTime is much, MUCH more than just codecs.  Joel R | 03/08/07
MY BUFFERS ARE OVERFLOWING  BALTHOR | 03/06/07
Interesting you list then im detail ...  SikosisZDNet | 03/06/07
Don't use Apple, MAC or Quicktime!  erniem1970@... | 03/06/07
He has been cloned  d0c_h0l1day | 03/07/07
Wow, Vista will finally have a 64-bit version!  Joel R | 03/08/07
Apple is still far better then Microsoft  d0c_h0l1day | 03/07/07
More new malware EVERY DAY for Windows than EVER EXISTED for the Mac (NT)  Joel R | 03/09/07
MacOS X is NOT UNIX, it's UNIX based.  SGIOctane2 | 03/08/07
All my windows problems are Apple based.  Fujikid2 | 03/11/07
Message has been deleted.  Fujikid2 | 03/11/07
gnawing at heels  Mitch 74 | 03/15/07
Why am I paying for this  Kathy Davis | 03/18/07
QT Pro 7.1.6  Brewer@... | 06/26/07
the title is wrong, because Vista has UAC and Protected mode  qmlscycrajg | 09/13/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here