APPLE-SA-2010-09-15-1 QuickTime 7.6.8



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-09-15-1 QuickTime 7.6.8

QuickTime 7.6.8 is now available and addresses the following:

QuickTime
CVE-ID:  CVE-2010-1818
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  An input validation issue exists in the QuickTime
ActiveX control. An optional parameter '_Marshaled_pUnk' may be
passed to the ActiveX control to specify an arbitrary integer that is
later treated as a pointer. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed by ignoring the '_Marshaled_pUnk'
parameter. This issue does not affect Mac OS X systems. Credit to
HBelite working with TippingPoint's Zero Day Initiative for reporting
this issue.

QuickTime
CVE-ID:  CVE-2010-1819
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing an image in a maliciously prepared directory may
lead to arbitrary code execution
Description:  A path searching issue exists in QuickTime Picture
Viewer. If an attacker places a maliciously crafted DLL in the same
directory as an image file, opening the image file with QuickTime
Picture Viewer may lead to arbitrary code execution. This issue is
addressed by removing the current working directory from the DLL
search path. This issue does not affect Mac OS X systems. Credit to
Haifei Li of Fortinet's FortiGuard Labs for reporting this issue.


QuickTime 7.6.8 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/

For Windows 7 / Vista / XP SP2 or later
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 38e33492ea1200abeda87256872e5a3dd47e584f

QuickTime 7.6.8 is not presented to Mac OS X systems.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

-----END PGP SIGNATURE-----
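
For the path searching issue in QuickTime Picture Viewer (CVE-2010-1819) described above, the following added example, which is not part of Apple's advisory, is a triage script that lists directories where a DLL sits beside image files. The extension list, the function names and the sample directory tree are assumptions constructed for illustration; the advisory names no image formats or DLL file names.

```python
import os
import tempfile
from pathlib import Path

# Assumption: illustrative image extensions; adjust to the formats opened
# with the viewer in your environment.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tif", ".tiff", ".qtif"}


def find_colocated_dlls(root):
    """Return {directory: (images, dlls)} for each directory under root that
    contains at least one image file and at least one DLL."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        images = sorted(f for f in files if Path(f).suffix.lower() in IMAGE_EXTS)
        dlls = sorted(f for f in files if Path(f).suffix.lower() == ".dll")
        if images and dlls:
            findings[dirpath] = (images, dlls)
    return findings


def scan_constructed_sample():
    """Build a constructed directory tree and scan it (sample data only)."""
    layout = {
        "share/photos": ["beach.jpg", "notes.txt"],    # images only: not reported
        "share/inbox": ["invoice.TIF", "helper.DLL"],  # image beside a DLL: reported
        "share/tools": ["tool.exe", "codec.dll"],      # DLL without images: not reported
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, names in layout.items():
            folder = Path(tmp, rel)
            folder.mkdir(parents=True)
            for name in names:
                (folder / name).write_bytes(b"")
        hits = find_colocated_dlls(tmp)
        # Report paths relative to the sample root so the output is stable.
        return {Path(d).relative_to(tmp).as_posix(): v for d, v in hits.items()}


if __name__ == "__main__":
    for folder, (images, dlls) in scan_constructed_sample().items():
        print(f"{folder}: images={images} dlls={dlls}")
```

A hit is a lead for review, not proof of tampering; point `find_colocated_dlls` at download folders, mail attachment caches or file shares where users open images directly.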
Security-announce mailing list      (email@hidden)