Title: RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
Severity: HIGH
Description:
Apple QuickTime is a media player that supports multiple file formats.
QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code or carry out denial-of-service attacks.
The following specific vulnerabilities were identified:
- QuickTime is prone to an arbitrary-code-execution vulnerability when handling specially crafted PICT image files. Processing PixData structures may cause a heap buffer overflow. This issue affects QuickTime for Microsoft Windows Vista and Microsoft Windows XP SP2. This issue is tracked by CVE-2008-1581.
- QuickTime is prone to a memory-corruption vulnerability that affects AAC-encoded media content. Opening a specially crafted media file may allow arbitrary code to run or may cause the application to terminate unexpectedly. This issue affects QuickTime on Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, and Windows XP SP2. This issue is tracked by CVE-2008-1582.
- QuickTime is prone to an arbitrary-code-execution vulnerability because of a heap buffer-overflow issue that occurs when opening a specially crafted PICT image. This issue affects QuickTime for Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, and Windows XP SP2. This issue is tracked by CVE-2008-1583.
- QuickTime is prone to a stack-based buffer overflow that can occur when handling specially crafted Indeo video codec content. Viewing a maliciously crafted movie file with Indeo video codec content may allow arbitrary code to run or may cause the application to terminate unexpectedly. This issue affects QuickTime for Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, and Windows XP SP2. This issue is tracked by CVE-2008-1584.
UPDATE (June 10, 2008): This issue affects 'Indeo.qtx'.
- QuickTime is prone to a vulnerability that can allow arbitrary applications or files to be launched with a specially crafted 'file:' URI. This issue affects QuickTime for Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, and Windows XP SP2. This issue is tracked by CVE-2008-1585.
UPDATE (June 10, 2008): If the file type in a URI supplied via the 'qt:next' attribute is not recognized by the application, the data is passed to 'url.dll!FileProtocolHandler' and can result in the processing of 'non-HTTP' filetypes.
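A defensive check for the 'qt:next' behaviour described above, as an added example that is not part of the original advisory: it lists the URIs supplied through 'qt:next' in SMIL text and flags any that are not plain HTTP(S). The sample markup, the allowed-scheme list and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches qt:next="..." or qt:next='...' (attribute name taken from the advisory).
QT_NEXT = re.compile(r"""\bqt:next\s*=\s*(["'])(.*?)\1""", re.IGNORECASE | re.DOTALL)

# Assumption: chained media is only ever expected from web servers.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample input, abbreviated to the attribute of interest.
SAMPLE_SMIL = """<smil qt:next="file:///C:/placeholder/constructed-example.dat">
  <body><video src="http://media.example/intro.mov"/></body>
</smil>"""
BENIGN_SMIL = SAMPLE_SMIL.replace(
    "file:///C:/placeholder/constructed-example.dat",
    "http://media.example/part2.mov",
)


def find_qtnext_targets(smil_text):
    """Return every URI supplied through a qt:next attribute."""
    return [m.group(2).strip() for m in QT_NEXT.finditer(smil_text)]


def classify(uri):
    """Label a qt:next target as 'ok', 'file-uri', 'relative' or 'non-http'."""
    scheme = urlsplit(uri).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return "ok"
    if scheme == "file":
        return "file-uri"   # the case tracked by CVE-2008-1585
    if scheme == "":
        return "relative"   # resolves against an unknown base; review manually
    return "non-http"


def scan(smil_text):
    """Return (verdict, uri) pairs for every qt:next target that is not 'ok'."""
    findings = []
    for uri in find_qtnext_targets(smil_text):
        verdict = classify(uri)
        if verdict != "ok":
            findings.append((verdict, uri))
    return findings


if __name__ == "__main__":
    for verdict, uri in scan(SAMPLE_SMIL):
        print(f"{verdict}: {uri}")
```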
Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.
Versions prior to QuickTime 7.5 are affected.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:
29649 Apple QuickTime 'PICT' Image 'PixData' Structures Handling Heap Overflow Vulnerability
29650 Apple QuickTime 'file:' URI File Execution Vulnerability
29654 Apple QuickTime 'AAC-encoded' Media Memory Corruption Vulnerability
29648 Apple QuickTime 'PICT' Image Buffer Overflow Vulnerability
29652 Apple QuickTime Indeo Video Codec Buffer Overflow Vulnerability
Affected Products:
- Apple Mac OS X 10.3.9
- Apple Mac OS X 10.4.9
- Apple Mac OS X 10.5
- Apple Mac OS X Server 10.3.9
- Apple Mac OS X Server 10.4.9
- Apple Mac OS X Server 10.5
- Apple QuickTime Player 7.0.1
- Apple QuickTime Player 7.0.2
- Apple QuickTime Player 7.0.3
- Apple QuickTime Player 7.0.4
- Apple QuickTime Player 7.1
- Apple QuickTime Player 7.1.1
- Apple QuickTime Player 7.1.2
- Apple QuickTime Player 7.1.3
- Apple QuickTime Player 7.1.4
- Apple QuickTime Player 7.1.5
- Apple QuickTime Player 7.1.6
- Apple QuickTime Player 7.2
- Apple QuickTime Player 7.3
- Apple QuickTime Player 7.3.1
- Apple QuickTime Player 7.3.1.70
- Apple QuickTime Player 7.4
- Apple QuickTime Player 7.4.1
- Apple QuickTime Player 7.4.5
References:
- Apple: Apple QuickTime Homepage
- Apple: HT1991: About the security content of QuickTime 7.5
- CVE: CVE-2008-1581
- CVE: CVE-2008-1582
- CVE: CVE-2008-1583
- CVE: CVE-2008-1584
- CVE: CVE-2008-1585
- Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow
- US-CERT: VU#132419 Apple QuickTime "file: URL" arbitrary code execution
- Zero Day Initiative: ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability
- Zero Day Initiative: ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution