DESCRIPTION
A vulnerability in Apple QuickTime 6.5 and Apple iTunes 4.2.0.72 could let a
remote attacker reliably overwrite heap memory with user-controlled data and
execute arbitrary code within the SYSTEM context. This specific flaw exists
within the quicktime.qts file, through which many applications access
QuickTime's functionality. Specially crafting atoms within a movie file
triggers a direct heap overwrite, which makes reliable code execution possible.
VENDOR RESPONSE
Apple has released a patch for this vulnerability, which is available through the Updates
section of the affected application.
CREDIT
Discovered by eEye Digital Security.