November 2005

ID: 00991
Ref: 929/05
Date: 07 November 2005:11:39:16
Version: 1

---

Title: Apple - QuickTime 7.0.3 [APPLE-SA-2005-11-04]
Abstract: QuickTime 7.0.3 delivers multiple security enhancements
Vendors affected: Apple
Operating systems affected: Apple
Applications affected: Apple

---

Title
=====
Apple - QuickTime 7.0.3 [APPLE-SA-2005-11-04]


Detail
======

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-11-04 QuickTime 7.0.3

QuickTime 7.0.3 delivers the following security enhancements:

CVE-ID: CVE-2005-2753
Available for: Mac OS X v10.3.9 or later, Windows 2000/XP
Impact: An integer overflow may be exploitable via remotely
originated content
Description: A sign extension of an embedded "Pascal" style string
could result in a very large memory copy. The update treats the
string as having unsigned length. Credit to Piotr Bania
(bania.piotr@gmail.com) for reporting this issue.

CVE-ID: CVE-2005-2754
Available for: Mac OS X v10.3.9 or later, Windows 2000/XP
Impact: An integer overflow may be exploitable via remotely
originated content
Description: Improper movie attributes could result in a very large
memory copy. The update checks for a valid non-zero size before
copying. Credit to Piotr Bania (bania.piotr@gmail.com) for reporting
this issue.

CVE-ID: CVE-2005-2755
Available for: Mac OS X v10.3.9 or later, Windows 2000/XP
Impact: A denial of service against any application loading
remotely-originated content
Description: A missing movie attribute is interpreted as an
extension, but the absence of the extension is not flagged as an
error, resulting in a de-reference of a NULL pointer. The update
requires either the movie attribute or the extension to be present
for a well-formed movie. Credit to Piotr Bania
(bania.piotr@gmail.com) for reporting this issue.

CVE-ID: CVE-2005-2756
Available for: Mac OS X v10.3.9 or later, Windows 2000/XP
Impact: Compressed PICT data may overwrite application memory from
remotely originated content
Description: Expansion of compressed PICT data could exceed the size
of the destination buffer. The update prevents decompressed data
from exceeding the destination buffer size. Credit to Piotr Bania
(bania.piotr@gmail.com) for reporting this issue.

QuickTime 7.0.3 may be obtained from the Software Update pane in
System Preferences, or from the Download tab in the QuickTime site
http://www.apple.com/quicktime/

For Mac OS X v10.3.9 or later
The download file is named: "QuickTimeInstallerX.dmg"
Its SHA-1 digest is: 7e08669fe822c44d53f125e5c73bd65009c43e29

For Windows 2000/XP
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 56bc7f7d8f293e703fb3801cb07ec16aaaad20c5

Information will also be posted to the Apple Product Security
web site: http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2425)

iQEVAwUBQ2ufToHaV5ucd/HdAQLnNQf9H01iKdIceozvnWYfHFbZP2cw2cCBdGni
HWvZbsigLEWV+tXgjKUHzzcL+Z02r7m148h6kNHB0CnUqH0Y/M1/2Y7s5YzjsLOY
x/iHVU6fPSheYu2BUVWRfRrrTBsVzInZu/5OixiBiXEVKvqki9ca37WcmN/7G1HU
5qmq/u9Ho0P+0Nnllfsu5JfdAvEprxW5uj4KVdgIqA14N4D9fh+9ZVOUdU692qSP
lVIlEa571j9rLSlCNgLYWMZm08R101YAB5HJDgLXXtBpxV9GEe99rchxtjq8Q4Jt
Lp01qSPMLHE+xnNVHtGYUIOqB/u9gb2+/QlmDlFbVAMnkxfHfuD20g==
=5T9F
- -----END PGP SIGNATURE-----