Tuesday, November 06, 2007 2:13 PM cmosby

SANS Internet Storm Center - Quicktime 7.3 patches serious security bugs

 


Published: 2007-11-06, Last Updated: 2007-11-06 19:20:59 UTC
by Maarten Van Horenbeeck (Version: 1)

Apple has released Quicktime 7.3 which contains fixes for a number of serious vulnerabilities:

  • A memory corruption bug which can be triggered by a maliciously crafted movie. It could potentially result in arbitrary code execution (CVE-2007-2395).
  • A heap overflow in the use of Sample Table Sample Descriptor atoms, which can be triggered through maliciously crafted movie files. It could potentially result in arbitrary code execution (CVE-2007-3750).
  • Vulnerabilities in Quicktime for Java which could allow untrusted applets to obtain elevated privileges (CVE-2007-3751).
  • Two bugs in PICT file processing, potentially resulting in arbitrary code execution (CVE-2007-4672).
  • A bug in QTVR movie file parsing which could result in arbitrary code execution (CVE-2007-4675).
  • A bug in the parsing of color table atoms which could result in arbitrary code execution (CVE-2007-4677).

The impact of each bug varies by platform, but Mac OS X, Vista and XP SP2 are all affected. More information is available from Apple.

Source: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
