PROBLEM:
Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code
PLATFORM:
Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista and XP.
ABSTRACT:
Multiple vulnerabilities were reported in Apple QuickTime.
REFERENCE LINKS:
Apple Security Article: HT5581
SecurityTracker Alert ID: 1027737
Bugtraq ID: 56438
Secunia Advisory SA51226
CVE-2011-1374
CVE-2012-3751
CVE-2012-3752
CVE-2012-3753
CVE-2012-3754
CVE-2012-3755
CVE-2012-3756
CVE-2012-3757
CVE-2012-3758
IMPACT ASSESSMENT:
High
DISCUSSION:
Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow.
2) An error when processing a PICT file can be exploited to corrupt memory.
3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object.
4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file.
5) Some errors when processing TeXML files can be exploited to cause a buffer overflows.
6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow.
7) A use-after-free error exists in the ActiveX control when handling "Clear()" method.
8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow.
9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow.
IMPACT:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.