SANS ISC: Fix for quicktime arbitrary code execution - Internet Security | DShield SANS ISC InfoSec Forums


Fix for quicktime arbitrary code execution
Apple has provided a fix for a buffer overflow vulnerability in RTSP URLs. The fix is available for: "QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000".

For Windows users: The patch is only provided for OS X. As a Windows user, your best bet is to uninstall QuickTime and, if you still need it, download the newest version from Apple later. You can find it by clicking the "QuickTime" tab on Apple's home page (www.apple.com) and following the download links. It's not clear whether the version that is available right now is vulnerable or not, but it does not appear to have been updated recently.

Many thanks to Juha-Matti for bringing this up.
William
