Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Apple releases QuickTime 7.4 with security fixes InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apple releases QuickTime 7.4 with security fixes

Published: 2008-01-15
Last Updated: 2008-01-15 22:09:15 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

Apple has just released QuickTime 7.4 which fixes several security vulnerabilities:

  • CVE-2008-0031: A maliciously crafted Sorensen 3 movie file may lead to arbitrary code execution;
  • CVE-2008-0032: A maliciously crafted movie file may lead to arbitrary code execution during the handling of Macintosh resource records;
  • CVE-2008-0033: A maliciously crafted movie file may lead to arbitrary code execution during parsing of Image Descriptor atoms;
  • CVE-2008-0036: A maliciously crafted PICT image may lead to arbitrary code execution;

Note that this update does not yet appear to resolve the critical vulnerability reported last week by Luigi Auriemma (VU #112179).

Keywords:
0 comment(s)
Diary Archives