Apple shipped fixes for nine vulnerabilities in its QuickTime multimedia platform. The QuickTime 7.7.3 update resolves bugs for Windows 7, Vista, and XP service pack 2 and later.

The first two patches, discovered by IBM X-Force’s Mark Yason and Microsoft’s Jeremy Brown respectively, resolve a buffer overflow in the handling of PICT files and REGION records, and a memory corruption issue in the handling of PICT files. Both vulnerabilities could be exploited if a user views a specially crafted PICT file, which in both cases could cause an application to crash or allow for arbitrary code execution.

The update also resolves three bugs that could cause unexpected application termination or enable the execution of arbitrary code if a user visits a maliciously crafted website. Two of the bugs were uncovered by chkr_d591, working with iDefense VCP. One was a use after free problem in the way the QuickTime plugin handled ‘_qtactivex_’ parameters within an HTML object element and the other was a use after free flaw in QuickTime ActiveX control’s handling of the Clear() method. The latter was discovered by TELUS Security Labs’ Pavel Polischouk and addressed a buffer overflow in the QuickTime plugin’s handling of MIME types.

There were also buffer overflows in the handling of the transform attribute in text3GTrack elements and style elements in QuickTime TeXML files. The overflows were discovered by ZDI’s Alexander Gavrun and TELUS Security Labs’ Arezou Hosseinzad-Amirkhizi, and could be exploited if users view a maliciously crafted QuickTime TeXML file.

Apple resolved a buffer overflow in Targa image files discovered by someone using the handle Senator of Pirates. Attackers could exploit this flaw by compelling a user to view a maliciously crafted Targa file, which could lead to the termination of applications or the execution of arbitrary code. The last patch fixes a buffer overflow in the way ‘rnet’ boxes in MP4 files are handled.