Big security fixes for QuickTime, Flash Player

By Bill Brenner, Senior News Writer 13 Sep 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Apple Computer Inc. and Adobe warned Tuesday that attackers could exploit serious security holes in QuickTime and Flash Player to run malicious code on targeted machines. But the vendors have updated the popular multimedia applications to fix the flaws.

Apple said in an advisory that QuickTime versions prior to 7.1.3 are susceptible to multiple flaws caused by the application's failure to properly bounds check and sanitize user-supplied data.

Specifically, the problems are that:

• An integer or buffer overflow may be triggered by malicious H.264 movie files.
• An integer or buffer overflow may be triggered by malicious QuickTime movie files.
• A heap-based buffer overflow may be triggered by malicious FLC movie files. (This issue affects the 'COLOR64' chunk in FLIC format files.)
• An integer or buffer overflow may be triggered by malicious FlashPix files.
• An exception can occur that can leave an uninitialized object when handling malicious FlashPix files.
• A buffer overflow may be triggered by a malicious SGI image file.

"An attacker can exploit these issues to execute arbitrary code in the context of the victim user running the vulnerable application," Apple said in its advisory. "Successful exploits may facilitate a remote compromise of affected computers."

One reason the threat is serious is that proof-of-concept exploit code is available for the FLC file heap-based buffer overflow flaw, Cupertino, Calif.-based Symantec Corp. said in an email to customers of its DeepSight Threat Management Service.

Apple has released QuickTime version 7.1.3 to address the vulnerabilities.

Meanwhile, Adobe said in an advisory that Flash Player is susceptible to multiple remote code execution vulnerabilities because the application "fails to properly bounds check user-supplied input before copying it into insufficiently-sized memory buffers."

Adobe said attackers could exploit the problem by creating a media file with large, dynamically-generated string data and submitting it to be processed by the media player.

In its advisory on the problem, Symantec said, "This will cause the application to overwrite system memory at an explicit location. Because of this, race conditions, heap overflow and stack overflow vulnerabilities may be possible and would allow remote attackers to execute arbitrary machine code in the context of the user running the application."

The flaws affect Flash Player 8.0.24.0 and prior, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX and 2004 Adobe Flex 1.5. Adobe recommends users upgrade to version 9.0.16.0.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary