Apple issue security update for QuickTime

ByIan Dixon

May 17, 2012 #Apple, #QuickTime, #Windows

The Windows version of QuickTime has been updated to version 7.7.2 and only contains security updates and has no new features. The update should be automatic via Apple Software Update.

QuickTime 7.7.2 improves security and is recommended for all QuickTime 7 users on Windows. For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222.

QuickTime 7.7.2

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple stack overflows existed in QuickTime’s handling of TeXML files. These issues do not affect OS X systems.

CVE-ID

CVE-2012-0663 : Alexander Gavrun working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: A heap overflow existed in QuickTime’s handling of text tracks. This issue does not affect OS X systems.

CVE-ID

CVE-2012-0664 : Alexander Gavrun working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow existed in the handling of H.264 encoded movie files.

CVE-ID

CVE-2012-0665 : Luigi Auriemma working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution

Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001.

CVE-ID

CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001.

CVE-ID

CVE-2011-3459 : Luigi Auriemma working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in the handling of audio sample tables. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002.

CVE-ID

CVE-2012-0658 : Luigi Auriemma working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow existed in the handling of MPEG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002.

CVE-ID

CVE-2012-0659 : An anonymous researcher working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow existed in the QuickTime plugin’s handling of QTMovie objects. This issue does not affect OS X systems.

CVE-ID

CVE-2012-0666 : CHkr_D591 working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in the handling of PNG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001.

CVE-ID

CVE-2011-3460 : Luigi Auriemma working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution

Description: A signedness issue existed in the handling of QTVR movie files. This issue does not affect OS X systems.

CVE-ID

CVE-2012-0667 : Alin Rad Pop working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue existed in the handling of JPEG2000 encoded movie files. This issue does not affect systems prior to OS X Lion. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4.

CVE-ID

CVE-2012-0661 : Damian Put working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in the handling of RLE encoded movie files.

CVE-ID

CVE-2012-0668 : Luigi Auriemma working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in QuickTime’s handling of Sorenson encoded movie files. This issue does not affect OS X systems.

CVE-ID

CVE-2012-0669 : Damian Put working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow existed in QuickTime’s handling of sean atoms.

CVE-ID

CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP’s Zero Day Initiative

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in the handling of .pict files.

CVE-ID

CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Opening a file in a maliciously crafted path may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow existed in QuickTime’s handling of file paths. This issue does not affect OS X systems.

CVE-ID

CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security Center via Secunia SVCRP

QuickTime

Available for: Windows 7, Vista, XP SP2 or later

Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution

Description: An integer underflow existed in QuickTime’s handling of audio streams in MPEG files.

CVE-ID

CVE-2012-0660: Justin Kim at Microsoft and Microsoft Vulnerability Research (MSVR)

Related Post

Music Tech News Videos

Fairlight Collection Vol1: Strings, Brass & Vocal for the Korg Modwave

Music Tech News Videos

Sounds Design on the Korg Modwave Live Stream

Hands on with Windows 11 Insider Preview Build 26200

Leave a ReplyCancel reply

{"id":null,"mode":"button","open_style":"in_place","currency_code":"GBP","currency_symbol":"\u00a3","currency_type":"decimal","blank_flag_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":500,"top_media_type":"none","featured_image_url":false,"featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Leave a tip","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"TheDigitalLifestyle.com","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"TheDigitalLifestyle.com","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for being a supporter!","payment_confirmation_title":"TheDigitalLifestyle.com","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}