CERT mailing list archives
Current Activity - Apple Releases QuickTime 7.6.8
From: Current Activity <us-cert () us-cert gov>
Date: Thu, 16 Sep 2010 09:36:45 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Apple Releases QuickTime 7.6.8 Original release date: September 16, 2010 at 12:00 am Last revised: September 16, 2010 at 9:09 am Apple has released QuickTime 7.6.8 to address two vulnerabilities affecting earlier versions of QuickTime for Windows. The first vulnerability is due to improper input validation in the QuickTime ActiveX control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. The second vulnerability is due to a path searching issue related to insecure loading of dynamic link libraries (DLLs). Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additional information regarding this class of vulnerabilities can be found in the US-CERT Current Activity entry titled "Insecure Loading of Dynamic Link Libraries in Windows Applications" and in the US-CERT Vulnerability Note VU#707943. US-CERT encourages users and administrators to review Apple article HT4339 and apply any necessary updates to help mitigate the risks. Relevant Url(s): <http://support.apple.com/kb/HT4339> <http://www.kb.cert.org/vuls/id/707943> <http://www.us-cert.gov/current/#insecure_loading_of_dynamic_link> ==== This entry is available at http://www.us-cert.gov/current/index.html#apple_releases_quicktime_7_62 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTJIdXz6pPKYJORa3AQLI6Af+KLVgPtioYyQXmWI067OE8/JEUR2Y8zI8 RQafmPf20Xw185IC0wewmYEjliNjX3g3AkX3S5Qnu1wXPoh2xikgL+aWz7jHfBnA GvrnXN11W/voAd53SeZQg6kFjHrpoV+Q6NdOAFJQKvPusUMQlMs0jkUEw+seiFhL +tKvOH+fi8Mrw6amLJz6kxve6PrTXHrFjJak5WxKZG6LRc53XAsohbVkT+6Rqhav DGgjx5DG2/meeqnyVoaCoOqfWBYYjJAa0ckWmaHad7myAR6b/Kih8JCFum++Vm9m molQU9+RSzXFCKbgW8pYiZ52TUFXTj3BFTKj7tIyhZzuTJFpiew6ZQ== =tVNy -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Apple Releases QuickTime 7.6.8 Current Activity (Sep 16)