QuickTime 7.3.1 released addresses RTSP vulnerability
A new version of Apple QuickTime, 7.3.1, is available that addresses the RTSP vulnerability we covered here: http://isc.sans.org/diary.html?storyid=3713 and http://isc.sans.org/diary.html?storyid=3690
From: http://docs.info.apple.com/article.html?artnum=307176
“QuickTime 7.3.1
QuickTime
CVE-ID: CVE-2007-6166
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.”
The update is available here:
http://www.apple.com/quicktime/download/
Thanks go out to Juha-Matti and Roger for sending this in.
Comments