QuickTime < 7.7.1 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801196

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :

- A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)

- An uninitialized memory access issue exists in the handling of URL data handlers within movie file. (CVE-2011-3220)

- An implementation issue exists in the handling of the atom hierarchy within a movie files. (CVE-2011-3221)

- A cross-site scripting issue exists int he Save for Web export. (CVE-2011-3218)

- A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)

- A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)

- Multiple memory corruption issues exist in the handling of movie files. (CVE-2011-3228)

- An integer overflow issue exists in the handling of PICT files. (CVE-2011-3247)

- A signedness issue exists in the handling of font tables embedded n QuickTime movie files.

- A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)

- An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)

- A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. (CVE-2011-3251)

Solution

Upgrade to QuickTime 7.7.1 or later.

See Also

support.apple.com/kb/HT5016

Plugin Details

Severity: High

ID: 801196

Family: Web Clients

Published: 10/27/2011

Nessus ID: 56667

Vulnerability Information

Patch Publication Date: 10/27/2011

Vulnerability Publication Date: 10/12/2011

Reference Information

CVE: CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251

BID: 50068, 50100, 50101, 50122, 50127, 50130, 50131, 50399, 50400, 50401, 50403, 50404