Apple QuickTime Multiple Vulnerabilities
- Creatore Discussione ERCOLINO
- Data di inizio
Secunia Advisory: SA28092
Release Date: 2007-12-14
Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x
CVE reference: CVE-2007-4706 (Secunia mirror)
CVE-2007-4707 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in the handling of QTL files can be exploited to cause a heap-based buffer overflow when a user views a specially crafted QTL file.
Successful exploitation may allow execution of arbitrary code.
2) Various unspecified errors exist in QuickTime's Flash media handler, which can be exploited to execute arbitrary code.
The vulnerabilities are reported in Apple QuickTime prior to version 7.3.1.
Secunia has constructed the Online Software Inspector, which you can use to check if your local system is vulnerable. If you wish to scan your corporate network, then please refer to the Network Software Inspector.
Solution:
Update to Apple QuickTime version 7.3.1.
Release Date: 2007-12-14
Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: Apple QuickTime 7.x
CVE reference: CVE-2007-4706 (Secunia mirror)
CVE-2007-4707 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in the handling of QTL files can be exploited to cause a heap-based buffer overflow when a user views a specially crafted QTL file.
Successful exploitation may allow execution of arbitrary code.
2) Various unspecified errors exist in QuickTime's Flash media handler, which can be exploited to execute arbitrary code.
The vulnerabilities are reported in Apple QuickTime prior to version 7.3.1.
Secunia has constructed the Online Software Inspector, which you can use to check if your local system is vulnerable. If you wish to scan your corporate network, then please refer to the Network Software Inspector.
Solution:
Update to Apple QuickTime version 7.3.1.