10.06.2008
QuickTime 7.5 patches security vulnerabilities
In Software Update: not QuickTime X, but QuickTime 7.5 (60 MB), which is meant to improve "application compatibility" and fixes five security vulnerabilities. Details on the fixed vulnerabilities follow below. A restart is required.

QuickTime
CVE-ID: CVE-2008-1581
Available for: Windows Vista, XP SP2
Impact: Opening a maliciously crafted PICT image file may lead to an
unexpected application termination or arbitrary code execution
Description: An issue in QuickTime's handling of PixData structures
when processing a PICT image may result in a heap buffer overflow.
Opening a maliciously crafted PICT image may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking. This issue does
not affect systems running Mac OS X. Credit to Dyon Balding of
Secunia Research for reporting this issue.

QuickTime
CVE-ID: CVE-2008-1582
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Opening a maliciously crafted AAC-encoded media content may
lead to an unexpected application termination or arbitrary code
execution
Description: A memory corruption issue exists in QuickTime's
handling of AAC-encoded media content. Opening a maliciously crafted
media file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue by
performing additional validation of media files. Credit to Dave
Soldera of NGS Software, and Jens Alfke for reporting this issue.

QuickTime
CVE-ID: CVE-2008-1583
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Opening a maliciously crafted PICT image file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of PICT images. Opening a maliciously crafted PICT image file may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to Liam O Murchu of Symantec for reporting this
issue.

QuickTime
CVE-ID: CVE-2008-1584
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing maliciously crafted Indeo video media content may
lead to an unexpected application termination or arbitrary code
execution
Description: An issue in QuickTime's handling of Indeo video codec
content may result in a stack buffer overflow. Viewing a maliciously
crafted movie file with Indeo video codec content may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by not rendering Indeo video codec
content. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2008-1585
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 - v10.4.11,
Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Playing maliciously crafted QuickTime content in QuickTime
Player may lead to arbitrary code execution
Description: A URL handling issue exists in QuickTime's handling of
file: URLs. This may allow arbitrary applications and files to be
launched when a user plays maliciously crafted QuickTime content in
QuickTime Player. This update addresses the issue by revealing files
in Finder or Windows Explorer rather than launching them. Credit to
Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, and Petko D.
(pdp) Petkov of GNUCITIZEN working with TippingPoint's Zero Day
Initiative for reporting this issue.

Posted by Leo at 07:23