QuickTime Multiple Image / Media File Handling Vulnerabilities

Started by Eric the Red, January 11, 2006, 09:50:19 PM


Eric the Red

Update: QuickTime 7.0.4

By carefully crafting a corrupt QTIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution. This update addresses the issue by performing additional validation of GIF images. Credit to Varun Uppal of Kanbay for reporting this issue.

Operating systems affected: Mac OS X v10.3.9 and later, Windows 2000/XP

See this Apple page for details

QuickTime 7.0.4 may be obtained from the Software Update pane in
System Preferences, or from the Download tab in the QuickTime site
http://www.apple.com/quicktime/

For Mac OS X v10.3.9 or later
The download file is named:  "QuickTimeInstallerX.dmg"
Its SHA-1 digest is:  a605fc27d85b4c6b59ebbbc84ef553b37aa8fbca

For Windows 2000/XP
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  1f7d1942fec2c3c205079916dc47b254e508de4e





"The time to start running is around about the "e" in "Hey, you!" "