Serious QuickTime bugs bite Windows Vista, Mac OS X

Multiple flaws in Apple's QuickTime media player could put millions of Windows and Mac users at risk of code execution attacks, Apple confirmed in an advisory issued today.

A mega-update from Cupertino plugs a total of eight code execution vulnerabilities in QuickTime, all affecting Windows Vista, Microsoft's new operating system. The most serious of the flaws could allow an attacker to use audio and video files to take full control of a vulnerable machine.

In all, the new QuickTime 7.1.5  plugs a total of eight holes affecting Mac OS X, Windows 2000, Windows XP and Windows Vista users.  All eight flaws are considered highly critical because of the risk of code execution attacks.

Vulnerability #1 (Windows Vista/XP/2000):  Viewing a maliciously-crafted 3GP file may lead to an application crash or arbitrary code execution. This is caused by an integer overflow in QuickTime's handling of 3GP video files. By enticing a user to open a malicious movie, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. This issue does not affect Mac OS X.

Vulnerability #2 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Viewing a maliciously-crafted MIDI file may lead to an application crash or arbitrary code execution because of a heap buffer overflow in QuickTime's handling of MIDI files.  An attacker could exploit this bug by enticing a user to open a malicious MIDI file. This could lead to an application crash or arbitrary code execution.

Vulnerability #3 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Viewing a maliciously-crafted Quicktime movie file may lead to an application crash or arbitrary code execution. Apple describes this as a heap buffer overflow in the way the media player handles QuickTime movie files.  Code execution attacks are possible, Apple confirmed.
Vulnerability #4 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Viewing a maliciously-crafted Quicktime movie file may lead to an application crash or arbitrary code execution because of an integer overflow in QuickTime's handling of UDTA atoms in movie files. This could be exploited to cause denial-of-service or arbitrary code execution attacks.
Vulnerability #5 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): A heap buffer overflow in QuickTime's handling of PICT files could allow an attacker to launch code execution attacks when rigged PICT files are viewed.
Vulnerability #6 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Opening a maliciously-crafted QTIF file may lead to an application crash or arbitrary code execution because of a stack buffer overflow exists in QuickTime's handling of QTIF files. "By enticing a user to access a maliciously-crafted QTIF file, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution," Apple warned.
Vulnerability #7 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): An integer overflow in the way QuickTime handles QTIF files could allow a maliciously crafted QTIF file to be used in code execution attacks.
Vulnerability #8 (Mac OS X v10.3.9 and later, Windows Vista/XP/2000): Opening a maliciously-crafted QTIF file may lead to an application crash or arbitrary code execution because of a heap buffer overflow in the media player's handling of QTIF files.

Apple is strongly recommending that users upgrade to QuickTime 7.1.5 via the Software Update or from the download area in the QuickTime site.