Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC: InfoSec Handlers Diary Blog - Upgrade to QuickTime 7.5 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Upgrade to QuickTime 7.5

Published: 2008-06-10
Last Updated: 2008-06-10 13:11:36 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

Apple released earlier QuickTime 7.5, which a.o. fixes a number of security bugs.

Apple's security improvements include fixes for:

  • CVE-2008-1581: PICT images can lead to an heap overflow and code execution
  • CVE-2008-1582: AAC coded media can lead to code execution
  • CVE-2008-1583: PICT images can lead to an heap overflow and code execution
  • CVE-2008-1584: Indeo video codec can lead to a stack buffer overflow and code execution - note the fix: "This update addresses the issue by not rendering Indeo video codec content."
  • CVE-2008-1585: handling of file: URLs in QuickTime files could lead to an attacker controlled application launch and code execution - note the fix: "This update addresses the issue by revealing files in Finder or Windows Explorer rather than launching them."

--
Swa Frantzen -- Gorilla Security

Keywords: apple quicktime
0 comment(s)
Diary Archives