Apple QuickTime Multiple File Handling Code Execution Vulnerabilities
Number: AV08-051
Date: 10 June 2008
Purpose
The purpose of this advisory is to raise awareness of multiple vulnerabilities in Apple QuickTime.
Assessment
Multiple vulnerabilities have been identified in Apple QuickTime which may allow an attacker to execute arbitrary code and take complete control of a vulnerable system. These vulnerabilities may be exploited remotely by enticing a user to visit a malicious site or open specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, or AAC-encoded media files.
Affected Products:
- Apple QuickTime versions prior to 7.5
Suggested action
CCIRC recommends that administrators test and install the identified updates (Apple QuickTime version 7.5) at the earliest opportunity.
References:
http://support.apple.com/kb/HT1991
http://www.apple.com/quicktime/download/
http://www.securityfocus.com/bid/29619
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca