KLA10016
Multiple vulnerabilities in Apple QuickTime
Updated: 06/01/2019
Detect date: 02/25/2014
Severity: Critical
Description

Multiple serious vulnerabilities have been found in Apple QuickTime. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of the vulnerabilities:

  1. Improper byte-swapping can be exploited to execute arbitrary code or cause denial of service via a specially designed ttfo element in a movie file.
  2. Missing initialization of an unspecified pointer can be exploited to execute arbitrary code or cause denial of service via a specially designed track list in a movie file.
  3. An integer signedness error can be exploited to execute arbitrary code or cause denial of service via a specially designed stsz atom in a movie file.
  4. Unknown vectors can be exploited to execute arbitrary code or cause denial of service via specially designed idsc, clef, dref and ftab atoms, a specially designed PSD image, or a movie file with H.264 encoding.
Affected products

Apple QuickTime versions 7.7.4 and earlier

Solution

Update to the latest version of QuickTime.

Original advisories

Apple entry

Impacts

ACE
DoS

Related products
Apple QuickTime
CVE-IDS
CVE-2014-1244 (9.3, Critical)
CVE-2014-1245 (9.3, Critical)
CVE-2014-1246 (9.3, Critical)
CVE-2014-1247 (9.3, Critical)
CVE-2014-1249 (9.3, Critical)
CVE-2014-1248 (9.3, Critical)
CVE-2013-1032 (6.8, High)
CVE-2014-1250 (9.3, Critical)
CVE-2014-1243 (9.3, Critical)
CVE-2014-1251 (9.3, Critical)