Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-11-04 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New version of QuickTime (7.0.3)

Published: 2005-11-04
Last Updated: 2005-11-06 02:38:44 UTC
by Bojan Zdrnja (Version: 2)
0 comment(s)
Apple announced a new version of QuickTime, 7.0.3 which fixes couple of security vulnerabilities. All of these vulnerabilities can be exploited remotely, by downloading malicious content and range from integer overflows to denial of service attacks.
They also affect both QuickTime on Mac OS X (v10.3.9 or later) and Microsoft Windows 2000, XP.

QuickTime 7.0.3 can be installed via Software Update preferences or downloaded from Apple downloads (
http://www.apple.com/support/downloads/quicktime703.html
).

For more information visit
http://docs.info.apple.com/article.html?artnum=302772.


Thanks to Mike Savory for pointing out that this update was actually released on 12th of October, but the security advisory was released yesterday.

Update - We have received one report from a user that had an early version of Quick - v5x - installed, and he dropped us a note that says "When I selected "Update Existing Software", it said "Your Quick Time software is up to date." So, contrary to the instructions in the article, "installed via Software Update preferences" may not be a viable option and may lead the less skeptical user to believe nothing more needs to be done." Thanks Gary!

Keywords:
0 comment(s)

F-Prot Anti-Virus Scanning Engine Bypass

Published: 2005-11-04
Last Updated: 2005-11-04 18:24:26 UTC
by Robert Danford (Version: 2)
0 comment(s)
An vulnerability has been reported in some versions of F-Prot Anti-Virus. The advisory is referenced below. Exploit code is reported to be available. Though it doesn't look like it would be difficult to create a zip file with  a version header value greater than 15.

http://securitytracker.com/alerts/2005/Nov/1015148.html

Update:
Full information can be found here: (Thanks Thierry)
http://thierry.sniff-em.com/research/fprot.html

Reportedly Vulnerable Versions/Platforms:
TBD

Vendors and users need to be really careful about making assumptions their networks are secure based upon a single application. Diversity and layers are a goodness.

Other recent bypass issues:
WebRoot Desktop Firewall:
http://secwatch.org/advisories/1011804
Sophos:
http://www.securitytracker.com/alerts/2005/Oct/1015025.html
Symantec:
http://www.securitytracker.com/alerts/2005/Oct/1015027.html
Kaspersky:
http://www.securitytracker.com/alerts/2005/Oct/1015024.html
Zone-Alarm:
http://www.net-security.org/vulnerability.php?id=20275
http://download.zonelabs.com/bin/free/securityAlert/35.html


Keywords:
0 comment(s)
Diary Archives