ID

VAR-201211-0325

CVE

CVE-2012-3754

TITLE

Apple QuickTime of ActiveX Vulnerability in arbitrary code execution in control

DESCRIPTION

Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired. The following individual records exist to better document the issues: 56564 Apple QuickTime CVE-2012-3754 Use-After-Free Remote Code Execution Vulnerability 56563 Apple QuickTime CVE-2012-3751 Use-After-Free Remote Code Execution Vulnerability 56552 Apple QuickTime CVE-2012-3756 Buffer Overflow Vulnerability 56551 Apple QuickTime CVE-2012-3755 Buffer Overflow Vulnerability 56550 Apple QuickTime CVE-2012-3753 Buffer Overflow Vulnerability 56549 Apple QuickTime CVE-2011-1374 Buffer Overflow Vulnerability 56557 Apple QuickTime CVE-2012-3752 Multiple Buffer Overflow Vulnerabilities 56556 Apple QuickTime CVE-2012-3757 Memory Corruption Vulnerability 56553 Apple QuickTime CVE-2012-3758 Buffer Overflow Vulnerability. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow. 2) An error when processing a PICT file can be exploited to corrupt memory. 3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object. 4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file. 5) Some errors when processing TeXML files can be exploited to cause a buffer overflows. 6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow. 7) A use-after-free error exists in the ActiveX control when handling "Clear()" method. 8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow. 9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow. The vulnerabilities are reported in versions prior to 7.7.3. SOLUTION: Update to version 7.7.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Yason, IBM X-Force 2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR) 3, 7) chkr_d591 via iDefense VCP 4) Alexander Gavrun via ZDI 5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs 6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs 8) Senator of Pirates 9) Kevin Szkudlapski, QuarksLab ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-07-1 QuickTime 7.7.3 QuickTime 7.7.3 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-1374 : Mark Yason of the IBM X-Force QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR) QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within a HTML object element. This issue was addressed through improved memory handling. CVE-ID CVE-2012-3751 : chkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3758 : Alexander Gavrun working with HP TippingPoint's Zero Day Initiative QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking. CVE-ID CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking. This issue was addressed through improved memory management. CVE-ID CVE-2012-3754 : CHkr_d591 working with iDefense VCP QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3755 : Senator of Pirates QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3756 : Kevin Szkudlapski of QuarksLab QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/ The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQmpRUAAoJEPefwLHPlZEwLxkP/j9+h9Wz0TzUbGLzyQsR7J98 JFMDjzIzoyILXnKxq19oZnjxwJtmBJVJuEVX3cqTS+R/yNOQb2kox/bQUCSL7TnW YW2f2IeHAt1TndxwP82+/lmRw6z2Dt+wptmn6OhOTdeIRFnsoV7KjKnnMja2Tr2d Hysb/kAcKc0RP8dGKmlT007ktCShRqhKqVZJZ+LePaF40CxZE2G4iT6mHI9gAXsp TNfBDOwO6wEaDjApXeotmvInMqYw3EPQHMFdP1kjQyai3QEgFrGV6xpQM0p17ftW KK8/O9IxnVGTWAAA51N7nWvEXlwX7uSJB96aerFlBGYyjzPlChwgHJsXG/Be1xXa 7nrl7IRDoX2QivJnvJAugxQkkZUXB6anokn94pUKa9wrYXMH/lSDXpJuzN7BWmmt TJ2Xckrryt6p68eGwl/CaACjsFO7JHMjJiZurIFH3/ho0xXEixiXx/QJaDjiJFym ZcepjmzflDY1c4J8HLPeb1iqD7cgFuIP8eP4f5FmYpvPkkawE/pKsKQk3m8uX4fu RCXB2tfGaqws4mrSuFCL+NfD4ewKUc+kY5Kr2l2TG2q0wj4t6dbFMqsoNOUPMV64 I8xmJqXv5Vmvy17mlo+5HEZJhOwveA0mH9QDvjiQLZGykLTHeVnrLwwuQ1CHLfsX HhmkaRhwV4stZsLFzwIW =nV8Y -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

Unknown

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

chkr_d591 working with iDefense VCP

SOURCES

LAST UPDATE DATE

2025-04-11T20:19:00.688000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE