Focus on Apple
Apple releases QuickTime 7.5 Jun 10 2008 12:58AM
Todd Woodward (todd_woodward symantec com)
Apple today released QuickTime 7.5, which addresses a number of security
issues.

Type: Unexpected application termination; arbitrary code execution;
maliciously crafted PICT
Platform: Windows Vista, XP SP2
Resolution: Improved bounds checking.
Credit: Dyon Balding of Secunia Research

Type: Unexpected application termination or arbitrary code execution;
maliciously crafted AAC-encoded media
Platform: All
Resolution: Additional validation of media files
Credit: Dave Soldera of NGS Software, and Jens Alfke

Type: Unexpected application termination; arbitrary code execution; heap
buffer overflow; PICT images
Platform: All
Resolution: Improved bounds checking
Credit: Liam O Murchu of Symantec

Type: Unexpected application termination or arbitrary code execution;
maliciously crafted Indeo video
Platform: All
Resolution: No longer rendering Indeo video codec content
Credit: Anonymous via TippingPoint's Zero Day Initiative

Type: Arbitrary code execution; file URLs
Platform: All
Resolution: Reveal files in Finder of Windows Explorer instead of
launching them
Credit: Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and "Petko
D.
(pdp) Petkov of GNUCITIZEN" via TippingPoint's Zero Day Initiative

Details:
Although a specific Knowledge Base document has not been published yet,
once published, it should be linked from the Apple security updates
page: http://support.apple.com/kb/HT1222

###

Todd D. Woodward
Team Coordinator
Technical Support Engineer
NetBackup Data Protection Group
Symantec Corporation
www.symantec.com
Springfield, Oregon

Office: 541-335-7441

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus