Focus on Apple
Second zero-day QuickTime vulnerability Dec 05 2007 08:58PM
Todd Woodward (todd_woodward symantec com)
Over on bugtraq "Juha-Matti" wrote:

The QuickTime RTSP vulnerability reported on 23th Nov is not the only unpatched remote vulnerability in QuickTime player.

It appears that WabiSabiLabi team has reported that there is another (they call it zero-day vuln) flaw too, affecting to XP systems.

The CVE name for this second issue reported by unknown person is CVE-2007-6238. The CVSS score is 10.0, in turn.

I have written a summary with reference links here:

- Juha-Matti

Security Response Researcher
Focus-Apple Moderator
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
Springfield, Oregon
Office: 541-335-7441

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus