Security Update 2007-001 is now available and provides a fix for the
following security issue:
QuickTime
CVE-ID: CVE-2007-0015
Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server
v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000
Impact: Visiting malicious websites may lead to arbitrary code
execution
Description: A buffer overflow exists in QuickTime's handling of RTSP
URLs. By enticing a user to access a maliciously-crafted RTSP URL, an
attacker can trigger the buffer overflow, which may lead to arbitrary
code execution. A QTL file that triggers this issue has been
published on the Month of Apple Bugs web site (MOAB-01-01-2007). This
update addresses the issue by performing additional validation of
RTSP URLs.
Security Update 2007-001 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.4.8 and Mac OS X Server v10.4.8
The download file is named: "SecUpd2007-001Ti.dmg"
Its SHA-1 digest is: c25369b3eb5f11a148eb7f99cc87695097c2f58f
For Mac OS X v10.3.9 and Mac OS X Server v10.3.9
The download file is named: "SecUpd2007-001Pan.dmg"
Its SHA-1 digest is: 237af082b203f0f7f4bee49b055fb533058db993
For Windows 2000 Service Pack 4 / XP
The update is available via the "Apple Software Update" application,
which is installed with the most recent version of QuickTime or
iTunes.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
