Apple.QuickTime.QTJava.toQTPointer.Code.Execution
Description
A vulnerability has been identified in Apple QuickTime, which can be leveraged to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime Java extensions.
The vulnerability exists within the routine toQTPointer(), which is exposed through quicktime.util.QTHandleRef. A lack of sanity checking on the parameters passed to this routine allows an attacker to write arbitrary values to memory.
Affected Products
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 5.0.2
Impact
Arbitrary code execution.
Recommended Actions
The vendor has released version 7.1.6 to address this issue. Please apply it.
Apple iTunesSetup.exe
QuickTime 7.1.6 with iTunes for Windows XP/2000
http://www.apple.com/quicktime/download/
Apple QuickTime716.dmg
For Mac OS X v10.4.9 and Mac OS X v10.3.9
http://www.apple.com/quicktime/download/
Apple QuickTimeInstaller.exe
QuickTime 7.1.6 for Windows XP/2000
http://www.apple.com/quicktime/download/
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-10-12 | 16.941 | Name:Apple.QTJava.toQTPointer.Code.Execution:Apple.QuickTime.QTJava.toQTPointer.Code.Execution |