Apple Plugs QuickTime Vulnerabilities

By Brian Prince  |  Posted 2010-09-15

Apple updated its QuickTime software to patch two security vulnerabilities.

Among them is a fix for a dynamic-link library [DLL] loading issue affecting numerous programs running on Microsoft Windows. According to Apple, the vulnerability exists on unpatched versions of QuickTime on Windows 7, Vista, XP SP2 or later.

"If an attacker places a maliciously crafted DLL in the same directory as an image file, opening the image file with QuickTime Picture Viewer may lead to arbitrary code execution," the Apple advisory reads. "This issue is addressed by removing the current working directory from the DLL search path. This issue does not affect Mac OS X systems."

Also patched was a flaw reported publicly in late August, along with attack code that could be used to bypass Windows' Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). The bug itself had actually been reported to Apple in June by TippingPoint's Zero-Day Initiative.

According to Apple, the bug was due to an input validation issue in the QuickTime ActiveX control.

"An optional parameter '_Marshaled_pUnk' may be passed to the ActiveX control to specify an arbitrary integer that is later treated as a pointer. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by ignoring the '_Marshaled_pUnk' parameter."

Rocket Fuel