[virusinfo] Critical vulnerability with QuickTime Player - 05/06/04

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Thu, 06 May 2004 19:26:20 -0700

From: Panda Oxygen3 24h-365d:

"I am always doing that which I can not do, 
          in order that I may learn how to do it."
         Pablo Picasso (1881-1973); Spanish artist.

      - Critical vulnerability with QuickTime Player -
 Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 6, 2004 - US-CERT has reported, at:
http://www.kb.cert.org/vuls/id/782958, a vulnerability that has been
detected in the Apple QuickTime multimedia player which could potentially be
exploited by an attacker to remotely execute arbitrary code. Given the
seriousness of the situation, users are advised to update to version 6.5.1,
in which the security hole has been fixed.
 
The vulnerability is in the QuickTime.qts extension in the Apple media
player and is also integrated in other applications (such as web browsers)
that support the QuickTime format. The problem stems from an integer overflow
detected in the routine that copies the Sample-to-Chunk table entries into
an array.
 
An attacker could, in theory, design a file that, when viewed by QuickTime,
would cause an application error or allow code to be run.

According to the original advisory, the products affected are Apple
QuickTime 6.5 and Apple iTunes 4.2.0.72. 
 
The solution is to update to QuickTime version 6.5.1, available at:
http://www.apple.com/quicktime/download/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, 
Panda Software's free online scanner: 1) Netsky.P; 2) Virtumonde.C; 
3) Sasser.B; 4) Netsky.D; 5) Nachi.B.

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
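
The bug class the advisory describes (an integer overflow while copying Sample-to-Chunk entries into an array), shown as an added example that is not part of the original post and is not Apple's or Panda's code. It assumes the published 'stsc' atom layout (1-byte version, 3-byte flags, 32-bit big-endian entry count, then 12-byte entries); the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* One Sample-to-Chunk entry: three big-endian 32-bit fields (12 bytes). */
typedef struct { uint32_t first_chunk, samples_per_chunk, desc_id; } stsc_entry;
#define STSC_HEADER 8u   /* version(1) + flags(3) + entry count(4) */
#define STSC_ENTRY  12u  /* on-disk size of one entry */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* What an unchecked 32-bit size computation yields: it wraps modulo 2^32,
 * so a very large entry count can produce a very small allocation size. */
uint32_t unchecked_size32(uint32_t count) { return count * STSC_ENTRY; }

/* Hardened copy. body/body_len is the atom payload after the size/type
 * header. Returns 0 on success, -1 on malformed input. */
int stsc_copy(const uint8_t *body, size_t body_len,
              stsc_entry **out, uint32_t *out_count) {
    if (!body || !out || !out_count || body_len < STSC_HEADER) return -1;
    uint32_t count = be32(body + 4);
    /* The count must be backed by bytes actually present in the atom. */
    if (count > (body_len - STSC_HEADER) / STSC_ENTRY) return -1;
    /* Guard the in-memory size too (matters where size_t is 32 bits). */
    if (count > SIZE_MAX / sizeof(stsc_entry)) return -1;
    stsc_entry *tab = calloc(count ? count : 1, sizeof *tab);
    if (!tab) return -1;
    const uint8_t *p = body + STSC_HEADER;
    for (uint32_t i = 0; i < count; i++, p += STSC_ENTRY) {
        tab[i].first_chunk       = be32(p);
        tab[i].samples_per_chunk = be32(p + 4);
        tab[i].desc_id           = be32(p + 8);
    }
    *out = tab; *out_count = count;
    return 0;
}

int main(void) {
    /* Constructed payloads: one valid entry; same bytes with a forged count. */
    uint8_t good[20] = {0,0,0,0, 0,0,0,1, 0,0,0,1, 0,0,0,5, 0,0,0,1};
    uint8_t bad[20]  = {0,0,0,0, 0x15,0x55,0x55,0x56, 0,0,0,1, 0,0,0,5, 0,0,0,1};
    stsc_entry *t = NULL; uint32_t n = 0;
    int ok = stsc_copy(good, sizeof good, &t, &n);
    free(t); t = NULL;
    return (ok == 0 && stsc_copy(bad, sizeof bad, &t, &n) == -1) ? 0 : 1;
}
```

Checking the declared count against the bytes actually present rejects the forged atom before any size is computed, which is the check a parser for untrusted media files needs in addition to updating to the fixed version.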


