Unsolved
This post is more than 5 years old
3 Apprentice
•
15.2K Posts
0
13480
Updates 11/8/12 - QuickTime
Apple QuickTime Player is by no means a required program. If you don't already have it, you don't need it. But if you do have it, it's time for another update [since QuickTime is one of the major vectors for infection].
The following has been copied/pasted from http://secunia.com/advisories/51226/ :
Description
Multiple vulnerabilities [at least one of which is rated HIGHLY CRITICAL] have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow.
2) An error when processing a PICT file can be exploited to corrupt memory.
3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object.
4) A boundary error when handling the transform attribute of "text3GTrack" elements can be exploited to cause a buffer overflow via a specially crafted TeXML file.
5) Some errors when processing TeXML files can be exploited to cause a buffer overflows.
6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow.
7) A use-after-free error exists in the ActiveX control when handling "Clear()" method.
8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow.
9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow.
The vulnerabilities are reported in versions prior to 7.7.3.
Solution
Update to version 7.7.3.
--------------------------------------
For additional information, see http://support.apple.com/kb/HT5581
Bugbatter
20.5K Posts
0
February 9th, 2013 12:00
This topic is locked because it has become out of date.
If you have a similar question or comment, please feel free to start a new thread at the top of the forum. Thanks.