Apple QuickTime 7.6.6

QuickTime 7.6.6 includes changes that increase reliability, improve compatibility and address security. [1]

QuickTime 7.6.6 is now available and addresses the following: [2]
* QuickTime – CVE-ID: CVE-2009-2837
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0059
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0060
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0062
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0514
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0515
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0516
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0517
Description: A heap buffer overflow in the handling of M-JPEG encoded movie files.
* QuickTime – CVE-ID: CVE-2010-0518
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0519
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0520
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0526
Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0527
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0528
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
* QuickTime – CVE-ID: CVE-2010-0529
Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
* QuickTime
Impact: Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution

LINKS:
[1] QuickTime: About QuickTime 7.6.6 HT4008 (2010-Mar-30) [Apple]
[2] About the security content of QuickTime 7.6.6 HT4104 (2010-Mar-30) [Apple]

CRP10-022

iTunes 9.1

What’s new in iTunes 9.1 [1]
iTunes 9.1 comes with several new features and improvements, including:
• Sync with iPad to enjoy your favorite music, movies, TV shows, books and more on the go
• Organize and sync books you’ve downloaded from iBooks on iPad or added to your iTunes library
• Rename, rearrange, or remove Genius Mixes

iTunes 9.1 is now available and addresses the following: [2]

ColorSync
CVE-ID: CVE-2010-0040
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow, that could result in a heap buffer overflow, exists in the handling of images with an embedded color profile. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The isssue is addressed by performing additional validation of color profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue.

ImageIO
CVE-ID: CVE-2009-2285
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer underflow exists in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-001.

ImageIO
CVE-ID: CVE-2010-0041
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website
Description: An uninitialized memory access issue exists in ImageIO’s handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-002. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.

ImageIO
CVE-ID: CVE-2010-0042
Available for: Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website
Description: An uninitialized memory access issue exists in ImageIO’s handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-002. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.

ImageIO
CVE-ID: CVE-2010-0043
Available for: Windows 7, Vista, XP
Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.3. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gus Mueller of Flying Meat for reporting this issue.

iTunes
CVE-ID: CVE-2010-0531
Available for: Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later, Windows 7, Vista, XP
Impact: Importing a maliciously crafted MP4 file may lead to a denial of service
Description: An infinite loop issue exists in the handling of MP4 files.A maliciously crafted podcast may be able to cause an infinite loop in iTunes, and prevent its operation even after it is relaunched. This issue is addressed through improved validation of
MP4 files. Credit to Sojeong Hong of Sourcefire VRT for reporting this issue.

iTunes
CVE-ID: CVE-2010-0532
Available for: Windows 7, Vista, XP
Impact: A local user may be able to obtain system privileges during iTunes installation
Description: A privilege escalation issue exists in the iTunes for Windows installation package. During the installation process, a race condition may allow a local user to modify a file that is then executed with system privileges. The issue is addressed through improved access controls for installation files. This issue does not affect Mac OS X systems. Credit to Jason Geffner of NGSSoftware for reporting this issue.

LINKS:
[1] Announcement: iTunes 9.1 available (2010-Mar-30) [Apple]
[2] About the security content of iTunes 9.1 HT4105 (2010-Mar-30) [Apple]

CRP10-021

Microsoft Security – One out-of-band update (Mar-2010)

Today we released MS10-018 out-of-band due to increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability discussed in Security Advisory 981374. I want to reiterate that Internet Explorer 8 is not affected by this issue so customers using this version are not affected by these attacks and we continue to encourage customers to upgrade to the newer version because it provides more security and protection.
MS10-018 is a typical cumulative update for Internet Explorer and was originally going to be released during the normal update cycle on the 13th of April. The Internet Explorer team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers. [1]

Out of Band Patch

Bulletin	KB number	Description	Severity	Impact	Software
MS10-018	980182	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer

PATCH NOW:
NOW: MS10-018

We recommend that customers install the update as soon as it is available. Once applied, customers are protected against the known attacks related to Security Advisory 981374. We have been monitoring this issue and have determined an out-of-band release is needed to protect customers. [2]

This update resolves 10 different vulnerabilities in Internet Explorer, of which the most severe impact can be execution of arbitrary code. All versions of IE from 5.01 to 8.0 are affected to varying degrees. [3]

This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. [4]

LINKS:
[1] Security Bulletin MS10-018 Released (2010-Mar-30) [MSRC]
[2] Internet Explorer Cumulative Update Releasing Out-of-Band (2010-Mar-29) [MSRC]
[3] OOB Update for Internet Explorer MS10-018 (2010-Mar-29) [SANS]
[4] Microsoft Security Bulletin Summary for March 2010 (2010-Mar-30) [MS]

CRP10-020