TUCoPS :: Macintosh :: b06-4697.htm

Multiple Vulnerabilities in Apple QuickTime
Multiple Vulnerabilities in Apple QuickTime
Multiple Vulnerabilities in Apple QuickTime


=0D
McAfee, Inc.=0D
McAfee Avert(tm) Labs Security Advisory=0D
Public Release Date: 2006-09-12=0D
=0D
Apple QuickTime Multiple Vulnerabilities=0D
=0D
CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386,=0D
CVE-2006-4388, CVE-2006-4389=0D
_________________________________________________=0D
=0D
*	Synopsis=0D
=0D
Apple QuickTime is a multimedia technology used to process image, audio=0D
and video data. QuickTime is used by the Mac OS X operating system and=0D
by the QuickTime media player for Microsoft Windows.=0D
=0D
Seven code execution vulnerabilities are present in QuickTime support=0D
for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.=0D
=0D
Exploitation could lead to execution of arbitrary code. User interaction=0D
is required for an attack to succeed. =0D
=0D
The risk rating for these issues is medium.=0D
=0D
_________________________________________________=0D
=0D
*	Vulnerable Systems=0D
=0D
QuickTime 7.1.2 and below for Mac OS X=0D
QuickTime for Windows 7.1.2 and below=0D
=0D
_________________________________________________=0D
=0D
*	Vulnerability Information=0D
=0D
CVE-2006-4382=0D
=0D
Two buffer overflow vulnerabilities are present in QuickTime MOV format=0D
support.=0D
=0D
CVE-2006-4384=0D
=0D
On heap overflow vulnerability is present in QuickTime FLC format=0D
support.=0D
=0D
CVE-2006-4385=0D
=0D
One buffer overflow vulnerability is present in QuickTime SGI format=0D
support.=0D
=0D
CVE-2006-4386=0D
=0D
One buffer overflow vulnerability is present in QuickTime MOV H.264=0D
format support.=0D
=0D
CVE-2006-4388=0D
=0D
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX)=0D
format support.=0D
=0D
CVE-2006-4389=0D
=0D
One uninitialized memory access vulnerability is present in QuickTime=0D
FlashPix (FPX) format support. =0D
=0D
_________________________________________________=0D
=0D
=0D
*	Resolution=0D
=0D
Apple has included fixes for the QuickTime issues in QuickTime version=0D
7.1.3 for Mac OS X and for Microsoft Windows.  =0D
=0D
Further information is available at:=0D
http://docs.info.apple.com/article.html?artnum=304357=0D 
=0D
_________________________________________________=0D
=0D
*	Credits=0D
=0D
These vulnerabilities were discovered by Mike Price of McAfee Avert=0D
Labs.=0D
=0D
_________________________________________________=0D
=0D
=0D
*	Legal Notice=0D
=0D
Copyright (C) 2006 McAfee, Inc.=0D
The information contained within this advisory is provided for the=0D
convenience of McAfee's customers, and may be redistributed provided=0D
that no fee is charged for distribution and that the advisory is not=0D
modified in any way. McAfee makes no representations or warranties=0D
regarding the accuracy of the information referenced in this document,=0D
or the suitability of that information for your purposes.=0D
=0D
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,=0D
Inc. and/or its affiliated companies in the United States and/or other=0D
Countries.  All other registered and unregistered trademarks in this=0D
document are the sole property of their respective owners.=0D
=0D
=0D
Best regards,=0D
=0D
Dave Marcus, B.A., CCNA, MCSE=0D
Security Research and Communications Manager=0D
McAfee(r) Avert(r) Labs=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH