KLA10016
Multiple vulnerabilities in Apple QuickTime
Updated: 02/12/2015
CVSS
9.3
Detect date
02/25/2014
Severity
Critical
Description

Multiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.
Below is a complete list of vulnerabilities:

  1. Improper byte-swapping can be exploited to execute arbitrary code or cause denial of service via a specially crafted ttfo element in a movie file.
  2. Missing initialization of an unspecified pointer can be exploited to execute arbitrary code or cause denial of service via a specially crafted track list in a movie file.
  3. An integer signedness error can be exploited to execute arbitrary code or cause denial of service via a specially crafted stsz atom in a movie file.
  4. Vectors related to unknown applications can be exploited to execute arbitrary code or cause denial of service via specially crafted idsc, clef, dref and ftab atoms, or via a specially crafted PSD image or movie file with H.264 encoding.
Affected products

Apple QuickTime versions 7.7.4 and earlier

Solution

Update to the latest version
QuickTime

Original advisories

Apple entry

Impacts
ACE 

DoS 
Related products
Apple QuickTime
CVE IDs

CVE-2014-1246
CVE-2014-1247
CVE-2014-1244
CVE-2014-1245
CVE-2014-1251
CVE-2014-1243
CVE-2014-1248
CVE-2014-1249
CVE-2014-1250
CVE-2013-1032