
SANS ISC: InfoSec Handlers Diary Blog



QuickTime 7.3.1 released addresses RTSP vulnerability

Published: 2007-12-14
Last Updated: 2007-12-14 21:24:44 UTC
by donald smith (Version: 4)

A new version of Apple QuickTime, 7.3.1, is available that addresses the RTSP vulnerability we covered here: http://isc.sans.org/diary.html?storyid=3713 and http://isc.sans.org/diary.html?storyid=3690

From: http://docs.info.apple.com/article.html?artnum=307176
“QuickTime 7.3.1
QuickTime
CVE-ID: CVE-2007-6166
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.”

The update is available here:
http://www.apple.com/quicktime/download/
 
Thanks go out to Juha-Matti and Roger for sending this in.
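
Apple's description says the fix ensures "that the destination buffer is sized to contain the data." As an added illustration (not Apple's code and not part of the original diary), the C function below copies an RTSP header value into a buffer allocated from the measured length of the data. The function name, the 4096-byte limit, and the sample response are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_HEADER_VALUE 4096   /* assumed policy limit, not from the advisory */

/* Return a heap copy of header `name`'s value from an RTSP message, or NULL
 * if the header is absent, malformed, or longer than MAX_HEADER_VALUE. */
char *rtsp_header_dup(const char *msg, const char *name)
{
    size_t nlen = strlen(name);
    const char *line = strstr(msg, "\r\n");        /* end of the status line */
    while (line != NULL) {
        line += 2;                                 /* start of the next line */
        if (line[0] == '\r' || line[0] == '\0')
            return NULL;                           /* end of headers: not found */
        const char *eol = strstr(line, "\r\n");
        if (eol == NULL)
            return NULL;                           /* unterminated header line */
        if ((size_t)(eol - line) > nlen && line[nlen] == ':' &&
            strncasecmp(line, name, nlen) == 0) {
            const char *val = line + nlen + 1;
            while (val < eol && (*val == ' ' || *val == '\t'))
                val++;                             /* skip optional whitespace */
            size_t vlen = (size_t)(eol - val);     /* measure before copying */
            if (vlen > MAX_HEADER_VALUE)
                return NULL;                       /* reject, do not truncate */
            char *out = malloc(vlen + 1);          /* sized to the data + NUL */
            if (out == NULL)
                return NULL;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return out;
        }
        line = eol;
    }
    return NULL;
}

/* Constructed sample response, not captured traffic. */
static const char SAMPLE_RESPONSE[] =
    "RTSP/1.0 200 OK\r\nCSeq: 2\r\nServer: ExampleServer/1.0\r\n\r\n";

int main(void)
{
    char *v = rtsp_header_dup(SAMPLE_RESPONSE, "server");
    printf("Server header: %s\n", v ? v : "(absent or rejected)");
    free(v);
    return 0;
}
```

The caller owns the returned buffer and must `free` it; an oversized value is rejected outright rather than silently truncated.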
