Vulnerability in Apple Quicktime

Frands · January 02, 2007, 02:53:42 PM

Hi :)

QuoteLMH has discovered a vulnerability in Apple Quicktime, which can be exploited by malicious people to compromise a user's system. Do not open untrusted QTL files.

2007-01-02

http://secunia.com/advisories/23540/
http://projects.info-pull.com/moab/MOAB-01-01-2007.html

Frands · January 05, 2007, 09:31:36 PM

Latest news:
http://news.com.com/PDF+security+risk+greater+than+originally+thought/2100-1002_3-6147428.html

Ripley · January 27, 2007, 04:14:27 PM

Apple has provided a fix for Apple QuickTime RTSP buffer overflow

QuoteSolution. Apply Update.
This issue is addressed in Apple Security Update 2007-001. An update for Mac OS X is available on Apple Downloads and via Software Update. An update for Microsoft Windows XP and 2000 systems is availble via the Apple Software Update application installed with QuickTime 7.1.3.

http://www.kb.cert.org/vuls/id/442497

Ripley · January 27, 2007, 04:23:15 PM

As far as I can tell, Windows users must use the Apple Software Update application that came with Quicktime 7 to get the patch.
If you elected not to install the Apple Software update program during the Quicktime or iTunes install I don't think you will be able to get the patch.

Apple Software Update for Windows:

QuoteSoftware Update is an Apple-supplied Windows program that updates Apple software (such as iTunes and QuickTime) over the Internet.
To check whether Apple Software Update is working correctly, follow these steps:

http://docs.info.apple.com/article.html?artnum=304263

Vulnerability in Apple Quicktime

Frands

Frands

Ripley

Ripley