----- Forwarded message from Product Security <product-security (at) apple (dot) com [email concealed]> -----
Date: Mon, 31 Mar 2003 13:29:36 -0800
Subject: QuickTime 6.1 for Windows is available
From: Product Security <product-security (at) apple (dot) com [email concealed]>
To: <security-announce (at) lists.apple (dot) com [email concealed]>
Message-ID: <BAADF340.A6%product-security (at) apple (dot) com [email concealed]>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-03-31 QuickTime Player for Windows
A potential vulnerability in Apple's QuickTime Player for Windows could
allow a remote attacker to compromise a target system. This exploit is
only possible if the attacker can convince a user to load a specially
crafted QuickTime URL. Upon successful exploitation, arbitrary code
can be executed under the privileges of the QuickTime user.
CVE Candidate ID: CAN-2003-0168
Versions affected: QuickTime Player versions 5.x and 6.0 for Windows.
QuickTime Player for Mac OS and Mac OS X are not affected.
Recommendation: Install QuickTime version 6.1 for Windows
QuickTime 6.1 for Windows is available via:
http://www.apple.com/quicktime/download/
- or -
"Update Existing Software" menu item in QuickTime Player
Credit to Texonet (http://www.texonet.com/) for discovering this
vulnerability.
Apple Product Security
http://www.apple.com/support/security/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQEVAwUBPoixCSFlYNdE6F9oAQIOsQgAl+bbm4FwcobpmHHvZRY7zf71BZh6USfn
chgtHB3n4L/vnoZrFK8z4f66/Cn8mCjy+vF9Pfk3FcUyJnHed3wm6fVlkbnwJCCJ
p2b8fK+HwNyXYXaR8D0o7eFbR9N3GRu1caN4+zhKYehQVMnzkopLI9LzHF3iKVC7
9ULLwNheRoiQbd5+q1wtkaj1fweXfqHG/LO2+kKaBGNhhrSgipFI1iamvQTZ8o5A
CCfT1RTejcZQY0PnMnqS9+S/wqT9bbRCkMVY3+9HBTZAzrhudED/yDMqwFKv2ofP
51JG5FaDNUT8LVFm6kfRzR719MHqVojGIgNNzpnvGNRb8bWmFE9MKw==
=sB+X
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce (at) lists.apple (dot) com [email concealed]
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
Date: Mon, 31 Mar 2003 13:29:36 -0800
Subject: QuickTime 6.1 for Windows is available
From: Product Security <product-security (at) apple (dot) com [email concealed]>
To: <security-announce (at) lists.apple (dot) com [email concealed]>
Message-ID: <BAADF340.A6%product-security (at) apple (dot) com [email concealed]>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-03-31 QuickTime Player for Windows
A potential vulnerability in Apple's QuickTime Player for Windows could
allow a remote attacker to compromise a target system. This exploit is
only possible if the attacker can convince a user to load a specially
crafted QuickTime URL. Upon successful exploitation, arbitrary code
can be executed under the privileges of the QuickTime user.
CVE Candidate ID: CAN-2003-0168
Versions affected: QuickTime Player versions 5.x and 6.0 for Windows.
QuickTime Player for Mac OS and Mac OS X are not affected.
Recommendation: Install QuickTime version 6.1 for Windows
QuickTime 6.1 for Windows is available via:
http://www.apple.com/quicktime/download/
- or -
"Update Existing Software" menu item in QuickTime Player
Credit to Texonet (http://www.texonet.com/) for discovering this
vulnerability.
Apple Product Security
http://www.apple.com/support/security/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQEVAwUBPoixCSFlYNdE6F9oAQIOsQgAl+bbm4FwcobpmHHvZRY7zf71BZh6USfn
chgtHB3n4L/vnoZrFK8z4f66/Cn8mCjy+vF9Pfk3FcUyJnHed3wm6fVlkbnwJCCJ
p2b8fK+HwNyXYXaR8D0o7eFbR9N3GRu1caN4+zhKYehQVMnzkopLI9LzHF3iKVC7
9ULLwNheRoiQbd5+q1wtkaj1fweXfqHG/LO2+kKaBGNhhrSgipFI1iamvQTZ8o5A
CCfT1RTejcZQY0PnMnqS9+S/wqT9bbRCkMVY3+9HBTZAzrhudED/yDMqwFKv2ofP
51JG5FaDNUT8LVFm6kfRzR719MHqVojGIgNNzpnvGNRb8bWmFE9MKw==
=sB+X
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce (at) lists.apple (dot) com [email concealed]
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
----- End forwarded message -----
[ reply ]