From; Panda Oxygen3 24h-365d: "I am always doing that which I can not do, in order that I may learn how to do it." Pablo Picasso (1881-1973); Spanish artist. - Critical vulnerability with QuickTime Player - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, May 6 2004 - US-CERT has reported, at: http://www.kb.cert.org/vuls/id/782958, a vulnerability that has been detected in the Apple QuickTime multimedia player which could potentially be exploited by an attacker to remotely execute arbitrary code. Given the seriousness of the situation, users are advised to update to version 6.5.1, in which the security hole has been fixed. The vulnerability is in the QuickTime.qts extension in the Apple media player and is also integrated in other applications -such as web browsers- that support QuickTime format. The problem stems from an integer overflow detected in the routine that copies the Sample-to-Chunk table entries into an array. An attacker could, in theory, design a file that when viewed by QuickTime, would cause an application error or allow code to be run. According to the original advisory, the products affected are Apple QuickTime 6.5 and Apple iTunes 4.2.0.72. The solution is to update to QuickTime version 6.5.1, available at: http://www.apple.com/quicktime/download/ NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Netsky.P; 2)Virtumonde.C; 3)Sasser.B; 4)Netsky.D; 5)Nachi.B. *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member