| Name | Apple.QuickTime.STSD.JPEG.Atom.Heap.Corruption |
| Release Date | May 14, 2009 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a heap-based memory corruption vulnerability in Apple QuickTime.
The vulnerability is caused by lack of boundary checks while processing the 'jpeg' atom embedded in the 'stsd' atom in QuickTime movie files. Remote attackers can exploit it by enticing the users to open a crafted QuickTime movie file. |
| Affected Products | Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 5.0.2
Apple QuickTime Player 7.5
Apple QuickTime Player 7.4
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1 |
| Recommended Actions | Apply the most recent upgrades or patches from the vendor.
http://www.apple.com/quicktime/download/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0007
|
| Reference/s | http://www.securityfocus.com/bid/33390 (BugTraq)
http://www.zerodayinitiative.com/advisories/ZDI-09-008/
|