• info
• discussion
• exploit
• solution
• references

Apple QuickTime QDM2 and QDCA Encoded Audio Content (CVE-2010-0059) Memory Corruption Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the references for details.


Apple Mac OS X 10.6

• Apple MacOSXUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple QuickTime Player 7.6

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple Mac OS X Server 10.6

• Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.6.1

• Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.1

• Apple MacOSXUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.2

• Apple MacOSXUpd10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.6.2

• Apple MacOSXServerUpd10.6.3.dmg
  http://www.apple.com/support/downloads/

Apple QuickTime Player 7.6.1

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple QuickTime Player 7.6.2

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple QuickTime Player 7.6.4

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/

Apple QuickTime Player 7.6.5

• Apple APPLE-SA-2010-03-30-1 iTunes64Setup.exe
  for QuickTime with iTunes for Windows 64-bit Vista or 7
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 iTunesSetup.exe
  for QuickTime with iTunes for Windows 32-bit XP or Vista
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTime766Leopard.dmg
  for Mac OS X 10.5.8
  http://www.apple.com/quicktime/download/


• Apple APPLE-SA-2010-03-30-1 QuickTimeInstaller.exe
  for Windows 7 / Vista / XP SP3
  http://www.apple.com/quicktime/download/