[NT] Apple QuickTime PICT Integer Overflow Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com


<http://www.apple.com/quicktime/> QuickTime is Apple's "media player
product, and is used to render video and other media. The PICT file format
was developed by Apple Inc. in 1984. PICT files can contain both object
oriented images and bitmaps". Remote exploitation of an integer overflow
in Apple Inc.'s QuickTime could allow an attacker to execute arbitrary
code in the security context of the current user.


Vulnerable Systems:
* Apple Inc.'s QuickTime version 7.4.5
* Apple Inc.'s QuickTime version 7.4

Immune Systems:
* Apple Inc.'s QuickTime version 7.5.5

QuickTime is vulnerable to an integer overflow vulnerability when handling
malformed PICT files. This issue results in heap corruption which can lead
to arbitrary code execution.
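
The advisory does not say which PICT field is involved, so the following is an added illustration of the bug class only, not QuickTime's code: a 32-bit size calculation that wraps before allocation, next to a checked form. The header fields, function names and the `MAX_PIXEL_BYTES` limit are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image header: both fields come from the untrusted file. */
struct img_hdr {
    uint32_t rows;       /* number of scanlines */
    uint32_t row_bytes;  /* bytes per scanline  */
};

/* Flawed pattern: the product is computed in 32 bits and wraps modulo 2^32,
 * so a buffer allocated from it is far smaller than the data later copied
 * into it. That mismatch is what turns the wrap into heap corruption. */
static uint32_t unchecked_size(const struct img_hdr *h)
{
    return h->rows * h->row_bytes;
}

/* Assumed policy limit on decoded pixel data (not a QuickTime value). */
#define MAX_PIXEL_BYTES (256u * 1024u * 1024u)

/* Hardened pattern: reject zero dimensions and test by division before
 * multiplying, so the product can neither wrap nor exceed the limit. */
static bool checked_size(const struct img_hdr *h, size_t *out)
{
    if (h->rows == 0 || h->row_bytes == 0)
        return false;
    if (h->rows > MAX_PIXEL_BYTES / h->row_bytes)
        return false;
    *out = (size_t)h->rows * h->row_bytes;
    return true;
}

int main(void)
{
    struct img_hdr ok  = { 480, 2560 };         /* constructed sample */
    struct img_hdr bad = { 0x10000, 0x10001 };  /* constructed sample */
    size_t n = 0;

    printf("ok : unchecked=%u accepted=%d\n",
           (unsigned)unchecked_size(&ok), checked_size(&ok, &n));
    printf("bad: unchecked=%u accepted=%d\n",
           (unsigned)unchecked_size(&bad), checked_size(&bad, &n));
    return 0;
}
```

For the second sample the true product is 4,295,032,832 bytes, but the unchecked calculation yields 65,536, while the checked form rejects the header.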

Exploitation of this issue results in arbitrary code execution in the
security context of the current user. An attacker would need to host a web
page containing a malformed PICT file. Upon visiting the malicious web
page, exploitation would occur. Alternatively, a malicious PICT file could
be attached to an e-mail.

iDefense recommends disabling the QuickTime Plug-in and altering the .pic
and .pict file type associations within the registry. Disabling the
plug-in will prevent web browsers from utilizing QuickTime Player to view
associated media files. Removing the file type associations within the
registry will prevent QuickTime Player and Picture Viewer from opening
.pic and .pict files.

Vendor response:
Apple has released QuickTime 7.5.5 which resolves this issue. More
information is available via Apple's QuickTime Security Update page at the
URL shown below: <http://support.apple.com/kb/HT3027>

CVE Information:

Disclosure timeline:
05/13/2008 - Initial vendor notification
05/22/2008 - Initial vendor response
09/09/2008 - Coordinated public disclosure


The information has been provided by
<mailto:idlabs-advisories@xxxxxxxxxxxx> iDefense Labs Security Advisories.
The original article can be found at:

