• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities

Severity: HIGH

Description:

Apple QuickTime is a media player that supports multiple file formats.

QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks.

The following specific vulnerabilities were identified:

1. A remote code-execution vulnerability occurs because of uninitialized memory access in the third-party 'Indeo v5' codec in 'ir50_32.qtx'. To exploit this issue, an attacker must trick a victim into opening a specially crafted movie file. This issue is tracked by CVE-2008-3615 and affects QuickTime for Microsoft Windows Vista and for Windows XP SP2 and SP3.

2. A stack-based buffer-overflow vulnerability occurs in the third-party 'Indeo v3.2' codec that can be exploited to execute arbitrary code. Specifically, the 'QuickTimeInternetExtras.qtx' fails to do proper bounds checking. To exploit this issue, an attacker must trick a victim into opening a specially crafted movie file. This issue is tracked by CVE-2008-3635 and affects QuickTime for Microsoft Windows Vista and for Windows XP SP2 and SP3.

3. A heap-based buffer-overflow vulnerability affects QuickTime when handling specially crafted QTVR (QuickTime Virtual Reality) movie files. The issue is caused by a sign-extensions error. To exploit this issue, an attacker must trick a victim into opening a malicious file. This issue is tracked by CVE-2008-3624 and affects QuickTime for OS X 10.4 and 10.5, for Microsoft Windows Vista, and for Windows XP SP2 and SP3.

4. A stack-based buffer-overflow vulnerability affects QuickTime when handling specially crafted QTVR (QuickTime Virtual Reality) movie files. Specifically, this occurs when the 'maxTilt', 'minFieldOfView', and 'maxFieldOfView' elements are corrupted. To exploit this issue, an attacker must trick a victim into opening a malicious file. This issue is tracked by CVE-2008-3625 and affects QuickTime for OS X 10.4 and 10.5, for Microsoft Windows Vista, and for Windows XP SP2 and SP3.

5. An integer-overflow vulnerability affects QuickTime when handling specially crafted PICT image files. To exploit this issue, an attacker must trick a victim into opening a malicious file. This issue is tracked by CVE-2008-3614 and affects QuickTime for Microsoft Windows Vista and for Windows XP SP2 and SP3.

6. Multiple memory-corruption vulnerabilities affect QuickTime when handling specially crafted 'H.264' encoded movie files. Specifically, this occurs when parsing MP4 video files in 'QuickTimeH264.qtx', AVC1 atoms, and '.mov' video files in 'QuickTimeH264.scalar'. To exploit these issues, an attacker must trick a victim into opening a malicious file. These issues are tracked by CVE-2008-3627 and affect QuickTime for OS X 10.4 and 10.5, for Microsoft Windows Vista, and for Windows XP SP2 and SP3.

7. A remote code-execution vulnerability affects QuickTime when handling specially crafted PICT files because of an invalid pointer. To exploit this issue, an attacker must trick a victim into opening a malicious PICT file. This issue is tracked by CVE-2008-3628 and affects QuickTime for Microsoft Windows Vista and for Windows XP SP2 and SP3.

Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

NOTE: Two issues that were previously covered in this BID were given their own records to better document the details:

- CVE-2008-3626 was moved to BID 31546 ('Apple QuickTime 'STSZ' Atoms Memory Corruption Vulnerability')

- CVE-2008-3629 was moved to BID 31548 ('Apple QuickTime PICT Denial of Service Vulnerability').

Affected Products:

• Apple Mac OS X 10.3.9
• Apple Mac OS X 10.4.1
• Apple Mac OS X 10.4.10
• Apple Mac OS X 10.4.11
• Apple Mac OS X 10.4.11
• Apple Mac OS X 10.4.2
• Apple Mac OS X 10.4.3
• Apple Mac OS X 10.4.4
• Apple Mac OS X 10.4.5
• Apple Mac OS X 10.4.6
• Apple Mac OS X 10.4.7
• Apple Mac OS X 10.4.8
• Apple Mac OS X 10.4.9
• Apple Mac OS X 10.5
• Apple Mac OS X 10.5.1
• Apple Mac OS X 10.5.2
• Apple Mac OS X 10.5.3
• Apple Mac OS X 10.5.4
• Apple Mac OS X Server 10.3.9
• Apple Mac OS X Server 10.4.0
• Apple Mac OS X Server 10.4.1
• Apple Mac OS X Server 10.4.10
• Apple Mac OS X Server 10.4.11
• Apple Mac OS X Server 10.4.11
• Apple Mac OS X Server 10.4.2
• Apple Mac OS X Server 10.4.3
• Apple Mac OS X Server 10.4.4
• Apple Mac OS X Server 10.4.5
• Apple Mac OS X Server 10.4.6
• Apple Mac OS X Server 10.4.7
• Apple Mac OS X Server 10.4.8
• Apple Mac OS X Server 10.4.9
• Apple Mac OS X Server 10.5
• Apple Mac OS X Server 10.5.1
• Apple Mac OS X Server 10.5.2
• Apple Mac OS X Server 10.5.3
• Apple Mac OS X Server 10.5.4
• Apple QuickTime Player 7.0.0
• Apple QuickTime Player 7.0.1
• Apple QuickTime Player 7.0.2
• Apple QuickTime Player 7.0.3
• Apple QuickTime Player 7.0.4
• Apple QuickTime Player 7.1
• Apple QuickTime Player 7.1.1
• Apple QuickTime Player 7.1.2
• Apple QuickTime Player 7.1.3
• Apple QuickTime Player 7.1.4
• Apple QuickTime Player 7.1.5
• Apple QuickTime Player 7.1.6
• Apple QuickTime Player 7.2
• Apple QuickTime Player 7.3
• Apple QuickTime Player 7.3.1
• Apple QuickTime Player 7.3.1.70
• Apple QuickTime Player 7.4
• Apple QuickTime Player 7.4
• Apple QuickTime Player 7.4.1
• Apple QuickTime Player 7.4.5
• Apple QuickTime Player 7.5

References:

• Apple: Apple QuickTime Homepage
• CVE: CVE-2008-3614
• CVE: CVE-2008-3615
• CVE: CVE-2008-3624
• CVE: CVE-2008-3625
• CVE: CVE-2008-3626
• CVE: CVE-2008-3627
• CVE: CVE-2008-3628
• CVE: CVE-2008-3629
• CVE: CVE-2008-3635
• NGSSoftware: Critical Vulnerability in Apple Quicktime’s Indeo Codec
• Roee Hay: QuickTime patched
• ZDI: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability
• ZDI: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
• ZDI: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
• ZDI: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
• ZDI: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability
• iDefense Labs: Apple QuickTime PICT Integer Overflow Vulnerability

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.