Madrid, November 1, 2004 - Apple (*) has released version 6.5.2 of its multimedia player QuickTime, which corrects two important vulnerabilities that could allow a remote attacker to run arbitrary code.
One of these security flaws could allow an attacker to insert arbitrary code using a BMP image. This code would be run when the image is processed by QuickTime, due to a buffer overflow in the module that decodes this format.
The second vulnerability lies in an integer overflow that could be exploited using an HTML document. This problem occurs when a value stored in an integer variable exceeds the maximum that the variable can hold, resulting in a buffer overflow.
The first of these vulnerabilities affects both QuickTime for Windows and for Mac OS X, whereas the second only occurs under Windows.
QuickTime 6.5.2 released by Apple can be downloaded from: http://www.apple.com/quicktime/download/
(*) The bulletin published by Apple is available at: http://docs.info.apple.com/article.html?artnum=61798
Oxygen3 24h-365d
by Panda Software