eEye Digital Security has published four (4) advisories related to Apple QuickTime vulnerabilities. These vulnerabilities were marked as critical because they can cause remote arbitrary code execution. In effect, the attacker can control the affected system with the same privileges as the logged-in user.
The vulnerabilities are listed below, each with a short description.
Apple QuickTime STSD Atom Heap Overflow
The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code in the context of the user who executed the player or application hosting the QuickTime plug-in.
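As an added example (not code from eEye's advisory or from Apple), a structural sanity check over a QuickTime atom tree that flags a sample-description entry inside an stsd atom whose declared size does not fit within the atom. The advisory does not describe the actual trigger of the defect, so this is a generic consistency check for triaging suspicious files, an assumption of what such a check should look for; the file layout below is constructed, and 64-bit extended atom sizes are reported rather than parsed.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}

def atom(kind, payload):
    """Serialize one atom: 4-byte big-endian size (header included) + 4-byte type."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def check_stsd(data, start, end):
    """Check that each sample-description entry of an stsd body fits inside [start, end)."""
    if end - start < 8:
        return ["stsd body shorter than version/flags + entry count"]
    count = struct.unpack_from(">I", data, start + 4)[0]
    pos = start + 8
    for i in range(count):
        if end - pos < 8:
            return [f"stsd: entry count {count} exceeds atom data"]
        size, fmt = struct.unpack_from(">I4s", data, pos)
        # A valid entry is at least 16 bytes (size, format, 6 reserved, 2-byte dref index).
        if size < 16 or pos + size > end:
            return [f"stsd entry {i} ({fmt.decode('latin-1')}): size {size} outside atom"]
        pos += size
    return []

def walk_atoms(data, start=0, end=None):
    """Walk the atom tree validating size fields; returns a list of problems (empty = clean)."""
    end = len(data) if end is None else end
    problems, pos = [], start
    while pos < end:
        if end - pos < 8:
            return problems + [f"truncated atom header at offset {pos}"]
        size, kind = struct.unpack_from(">I4s", data, pos)
        if size == 0:  # size 0 means the atom runs to the end of its parent
            size = end - pos
        # size 1 (64-bit extended length) is not parsed here and is reported as invalid
        if size < 8 or pos + size > end:
            return problems + [f"atom {kind.decode('latin-1')} at {pos}: size {size} invalid or exceeds parent"]
        if kind in CONTAINERS:
            problems += walk_atoms(data, pos + 8, pos + size)
        elif kind == b"stsd":
            problems += check_stsd(data, pos + 8, pos + size)
        pos += size
    return problems

def sample_file(entry_size):
    """Constructed minimal moov tree whose single stsd entry declares entry_size bytes."""
    entry = struct.pack(">I4s", entry_size, b"avc1") + b"\x00" * 8  # 16 bytes on disk
    stsd = atom(b"stsd", b"\x00\x00\x00\x00" + struct.pack(">I", 1) + entry)
    return atom(b"moov", atom(b"trak", atom(b"mdia", atom(b"minf", atom(b"stbl", stsd)))))
```

A clean file yields an empty list; an entry size larger than the enclosing stsd atom, or a file truncated mid-atom, produces a problem string naming the offending atom.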
Apple iTunes (QuickTime.qts) Heap Overflow
The vulnerability allows an attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code in the context of the user who executed iTunes.
Apple QuickTime QTIF Stack Overflow
There is a stack overflow in the way QuickTime processes QTIF format files. An attacker can create a QTIF file and deliver it to the user via email, a web page, or a QTIF file loaded through ActiveX, and can directly overwrite a function pointer that is used immediately afterwards, so the attack bypasses the stack overflow protection in systems such as XP SP2 and 2003 SP1.
Apple QuickTime Malformed GIF Heap Overflow
…a critical heap overflow in the Apple Quicktime player that allows for the execution of arbitrary code via a maliciously crafted GIF file.
This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls.
The following systems are affected by these vulnerabilities.
- Quicktime on Windows 2000
- Quicktime on Windows XP
- Quicktime on Mac OS X 10.3.9
- Apple iTunes on Windows 2000
- Apple iTunes on Windows XP
- Apple iTunes on OS X 10.3.9
Apple has released Apple QuickTime version 7.0.4 to solve these vulnerabilities. Mac OS X users should update their software by following the steps described in Apple’s web site. Windows 2000 and XP users should download Apple QuickTime 7.0.4.
By the way, the advisories were released on the same day as Microsoft's latest security updates.