Apple releases QuickTime 7.7.2 which fixes 17 vulnerabilities

Apple today released QuickTime version 7.7.2 which fixes a whopping 17 vulnerabilities.

Here is a complete list of all 17 vulnerabilities that have been fixed:

• Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution – Description: Multiple stack overflows existed in QuickTime’s handling of TeXML files. These issues do not affect OS X systems. – CVE-2012-0663 : Alexander Gavrun working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution – Description: A heap overflow existed in QuickTime’s handling of text tracks. This issue does not affect OS X systems. – CVE-2012-0664 : Alexander Gavrun working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution – Description: A heap buffer overflow existed in the handling of H.264 encoded movie files. – CVE-2012-0665 : Luigi Auriemma working with HP’s Zero Day Initiative
• Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution – Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. – CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution – Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. – CVE-2011-3459 : Luigi Auriemma working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file during progressive download may lead to an unexpected application termination or arbitrary code execution – Description: A buffer overflow existed in the handling of audio sample tables. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002. – CVE-2012-0658 : Luigi Auriemma working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution – Description: An integer overflow existed in the handling of MPEG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-002. – CVE-2012-0659 : An anonymous researcher working with HP’s Zero Day Initiative
• Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution – Description: A stack buffer overflow existed in the QuickTime plugin’s handling of QTMovie objects. This issue does not affect OS X systems. – CVE-2012-0666 : CHkr_D591 working with HP’s Zero Day Initiative
• Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution – Description: A buffer overflow existed in the handling of PNG files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. – CVE-2011-3460 : Luigi Auriemma working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution – Description: A signedness issue existed in the handling of QTVR movie files. This issue does not affect OS X systems. – CVE-2012-0667 : Alin Rad Pop working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution – Description: A use after free issue existed in the handling of JPEG2000 encoded movie files. This issue does not affect systems prior to OS X Lion. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.4. – CVE-2012-0661 : Damian Put working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution – Description: A buffer overflow existed in the handling of RLE encoded movie files. – CVE-2012-0668 : Luigi Auriemma working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution – Description: A buffer overflow existed in QuickTime’s handling of Sorenson encoded movie files. This issue does not affect OS X systems. – CVE-2012-0669 : Damian Put working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution – Description: An integer overflow existed in QuickTime’s handling of sean atoms. – CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP’s Zero Day Initiative
• Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution – Description: A memory corruption issue existed in the handling of .pict files. – CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)
• Impact: Opening a file in a maliciously crafted path may lead to an unexpected application termination or arbitrary code execution – Description: A stack buffer overflow existed in QuickTime’s handling of file paths. This issue does not affect OS X systems. – CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security Center via Secunia SVCRP
• Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution – Description: An integer underflow existed in QuickTime’s handling of audio streams in MPEG files. – CVE-2012-0660: Justin Kim at Microsoft and Microsoft Vulnerability Research (MSVR)