Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple releases QuickTime 7.4 with security fixes SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple releases QuickTime 7.4 with security fixes

Apple has just released QuickTime 7.4 which fixes several security vulnerabilities:

  • CVE-2008-0031: A maliciously crafted Sorensen 3 movie file may lead to arbitrary code execution;
  • CVE-2008-0032: A maliciously crafted movie file may lead to arbitrary code execution during the handling of Macintosh resource records;
  • CVE-2008-0033: A maliciously crafted movie file may lead to arbitrary code execution during parsing of Image Descriptor atoms;
  • CVE-2008-0036: A maliciously crafted PICT image may lead to arbitrary code execution;

Note that this update does not yet appear to resolve the critical vulnerability reported last week by Luigi Auriemma (VU #112179).

Maarten

158 Posts
Jan 15th 2008

Sign Up for Free or Log In to start participating in the conversation!