Current Activity - Apple Releases QuickTime 7.6.8

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Apple Releases QuickTime 7.6.8

Original release date: September 16, 2010 at 12:00 am
Last revised: September 16, 2010 at 9:09 am


Apple has released QuickTime 7.6.8 to address two vulnerabilities
affecting earlier versions of QuickTime for Windows.

The first vulnerability is due to improper input validation in the
QuickTime ActiveX control. Exploitation of this vulnerability may
allow an attacker to execute arbitrary code.

The second vulnerability is due to a path searching issue related to
insecure loading of dynamic link libraries (DLLs). Exploitation of
this vulnerability may allow an attacker to execute arbitrary code.
Additional information regarding this class of vulnerabilities can be
found in the US-CERT Current Activity entry titled "Insecure Loading
of Dynamic Link Libraries in Windows Applications" and in the US-CERT
Vulnerability Note VU#707943.

US-CERT encourages users and administrators to review Apple article
HT4339 and apply any necessary updates to help mitigate the risks.

Relevant Url(s):
<http://support.apple.com/kb/HT4339>

<http://www.kb.cert.org/vuls/id/707943>

<http://www.us-cert.gov/current/#insecure_loading_of_dynamic_link>

====
This entry is available at
http://www.us-cert.gov/current/index.html#apple_releases_quicktime_7_62

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTJIdXz6pPKYJORa3AQLI6Af+KLVgPtioYyQXmWI067OE8/JEUR2Y8zI8
RQafmPf20Xw185IC0wewmYEjliNjX3g3AkX3S5Qnu1wXPoh2xikgL+aWz7jHfBnA
GvrnXN11W/voAd53SeZQg6kFjHrpoV+Q6NdOAFJQKvPusUMQlMs0jkUEw+seiFhL
+tKvOH+fi8Mrw6amLJz6kxve6PrTXHrFjJak5WxKZG6LRc53XAsohbVkT+6Rqhav
DGgjx5DG2/meeqnyVoaCoOqfWBYYjJAa0ckWmaHad7myAR6b/Kih8JCFum++Vm9m
molQU9+RSzXFCKbgW8pYiZ52TUFXTj3BFTKj7tIyhZzuTJFpiew6ZQ==
=tVNy
-----END PGP SIGNATURE-----