Apple QuickTime Java Extension Two Vulnerabilities

Visiting a malicious website may lead to the disclosure of sensitive information. A design issue exists in QuickTime for Java, which may allow a web browser’s memory to be read by a Java applet. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue, which may lead to the disclosure of sensitive information. This update addresses the issue by clearing memory before allowing it to be used by untrusted Java applets.

Critical : Highly Critical. Level 4 of 5.
Impact : Exposure of sensitive information, System access
Where : From remote

Solution Status : Vendor Patch

Software :
Apple QuickTime 7.x

CVE reference : CVE-2007-2389

Description :
Two vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user’s system.

1) A design error in the security restrictions on subclasses of QTObject can be exploited by untrusted Java code to subclass QuickTime objects that call unsafe functions from QTJava.dll, resulting in reading and writing of arbitrary memory.

Successful exploitation allows execution of arbitrary code on Windows and OS X systems when a user visits a malicious web site using a Java-enabled browser.

2) A design error within the handling of Java applets can be exploited to read the browser’s memory when a user visits a malicious website containing a malicious Java applet.

Solutions :
Install Security Update (QuickTime 7.1.6).

Mac OS X:
http://www.apple.com/support/downloads/securityupdatequicktime716formac.html

Windows:
http://www.apple.com/support/downloads/securityupdatequicktime716forwindows.html

Provided and/or discovered by :
1) Discovered independently by:
Dyon Balding, Secunia Research
John McDonald, Paul Griswold, and Tom Cross, IBM Internet Security Systems X-Force.

Original Advisory :
Apple: http://docs.info.apple.com/article.html?artnum=305531
Secunia Research: http://secunia.com/secunia_research/2007-52/
