Apple Releases QuickTime 7.6.6 with 16 Security Patches for Leopard & Windows

| Product News

Apple released QuickTime 7.6.6 Tuesday, an update for Windows 7 and Vista, as well as Mac OS X 10.5.x, Leopard. The patch addresses some 16 different issues affecting Windows and Leopard, including several that could allow the bad guys to take over your PC or Mac.

You can download the update through Software Update in Leopard, or through the Apple Software Updater application in Windows. Alternately, you can find the update at Apple’s QuickTime download site.

  • QuickTime
    CVE-ID: CVE-2009-2837
    Available for: Windows 7, Vista, XP SP2
    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. The issue is addressed through improved validation of PICT images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2, and for Mac OS X v10.5 systems it is addressed in Security Update 2009-006. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0059
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of QDM2 encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0060
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of QDMC encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0062
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow exists in the handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0514
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow exists in the handling of H.261 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.261 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Will Dormann of the CERT/CC for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0515
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption in the handling of H.264 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.264 encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3.
  • QuickTime
    CVE-ID: CVE-2010-0516
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow in the handling of RLE encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of RLE encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0517
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Description: A heap buffer overflow in the handling of M-JPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional
    validation of M-JPEG encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0518
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of Sorenson encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Will Dormann of the CERT/CC for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0519
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: An integer overflow exists in the handling of FlashPix encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS Xv10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0520
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow exists in the handling of FLC encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional
    validation of FLC encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to Moritz Jodeit of n.runs AG, and Nicolas Joly of VUPEN Security working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0526
    Available for: Mac OS X v10.5.8, Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow exists in the handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0527
    Available for: Windows 7, Vista, XP SP2
    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
    Description: An integer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. This issue does not affect Mac OS X systems. Credit to Nicolas Joly of VUPEN Vulnerability Research Team for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0528
    Available for: Windows 7, Vista, XP SP2
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption exists in the handling of color tables in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional
    validation of color tables. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0529
    Available for: Windows 7, Vista, XP SP2
    Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow exists in the handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. This issue does not affect Mac OS X systems. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.
  • QuickTime
    CVE-ID: CVE-2010-0536
    Available for: Windows 7, Vista, XP SP2
    Impact: Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of BMP images. Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of BMP images. This issue does not affect Mac OS X systems. Credit to SkyLined of Google, Inc. for reporting this issue.

Comments

iJack

So, what about those of us still using QT 7 in Snow Leopard?

Log-in to comment