Apple today released QuickTime 7.5, which addresses a number of security
issues.

Type: Unexpected application termination; arbitrary code execution;
maliciously crafted PICT
Platform: Windows Vista, XP SP2
Resolution: Improved bounds checking.
Credit: Dyon Balding of Secunia Research

Type: Unexpected application termination or arbitrary code execution;
maliciously crafted AAC-encoded media
Platform: All
Resolution: Additional validation of media files
Credit: Dave Soldera of NGS Software, and Jens Alfke

Type: Unexpected application termination; arbitrary code execution; heap
buffer overflow; PICT images
Platform: All
Resolution: Improved bounds checking
Credit: Liam O Murchu of Symantec

Type: Unexpected application termination or arbitrary code execution;
maliciously crafted Indeo video
Platform: All
Resolution: No longer rendering Indeo video codec content
Credit: Anonymous via TippingPoint's Zero Day Initiative

Type: Arbitrary code execution; file URLs
Platform: All
Resolution: Reveal files in Finder or Windows Explorer instead of
launching them
Credit: Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and
"Petko D. (pdp) Petkov of GNUCITIZEN" via TippingPoint's Zero Day Initiative

Details:
Although a specific Knowledge Base document has not been published yet,
once published, it should be linked from the Apple security updates
page: http://support.apple.com/kb/HT1222
###
Todd D. Woodward
Team Coordinator
Technical Support Engineer
NetBackup Data Protection Group
Symantec Corporation
www.symantec.com
Springfield, Oregon
Office: 541-335-7441