Delivered-To: security-announce@lists.apple.com

APPLE-SA-2004-10-27 QuickTime 6.5.2

QuickTime 6.5.2 is now available and delivers the following security enhancements:

CVE-ID: CAN-2004-0988
Available for: Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows ME and Microsoft Windows 98
Impact: An integer overflow that may be exploitable in an HTML environment
Description: A sign extension of an overflowed small integer can result in a very large number being passed to a memory move function. The fix prevents the small integer from overflowing. This issue does not exist in QuickTime for Mac OS X systems. Credit to John Heasman of Next Generation Security Software Ltd. for reporting this issue.

CVE-ID: CAN-2004-0926
Available for: Mac OS X v10.3.x, Mac OS X Server v10.3.x, Mac OS X v10.2.8, Mac OS X Server v10.2.8, Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows ME and Microsoft Windows 98
Impact: A heap buffer overflow could allow attackers to execute arbitrary code
Description: Flaws in decoding the BMP image type could overwrite heap memory and potentially allow the execution of arbitrary code hidden in an image. This is the same security enhancement that was made available in Security Update 2004-09-30, and can be deployed on the additional system configurations covered by this QuickTime update.

QuickTime 6.5.2 may be obtained from the Software Update pane in System Preferences, or Apple's QuickTime web site:
http://www.apple.com/quicktime/download/

Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/security_pgp.html
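
Added example, not from the advisory or from QuickTime's source: the bug class described under CAN-2004-0988 (an overflowed small integer sign-extended into a memory move length), shown in C beside a checked version. The function names, the two 16-bit length fields and the buffer layout are assumptions made for illustration; the advisory does not disclose the affected code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical input: two 16-bit length fields taken from an untrusted file. */

/* Flawed pattern: the sum is stored in a signed 16-bit integer. A sum above
 * INT16_MAX wraps negative (implementation-defined narrowing; two's-complement
 * wrap on common compilers), and converting that value to size_t sign-extends
 * it into a huge count. Returns the count a memory move would receive. */
size_t flawed_move_count(uint16_t header_len, uint16_t body_len)
{
    int16_t total = (int16_t)(header_len + body_len);
    return (size_t)total;
}

/* Checked pattern: do the arithmetic in a wide unsigned type, refuse sums that
 * the small integer cannot hold, and bound the move by both buffers. */
int checked_move(uint8_t *dst, size_t dst_cap, const uint8_t *src,
                 size_t src_len, uint16_t header_len, uint16_t body_len)
{
    size_t total = (size_t)header_len + (size_t)body_len; /* at most 0x1FFFE */

    if (total > (size_t)INT16_MAX)
        return -1;              /* would overflow the small integer */
    if (total > dst_cap || total > src_len)
        return -1;              /* would read or write out of bounds */
    memmove(dst, src, total);
    return 0;
}

int main(void)
{
    uint8_t src[16] = {1, 2, 3, 4, 5, 6, 7, 8}, dst[16] = {0};

    /* Constructed sample values: 0x7000 + 0x2000 = 0x9000 > INT16_MAX. */
    printf("flawed count:  %zu\n", flawed_move_count(0x7000, 0x2000));
    printf("checked large: %d\n",
           checked_move(dst, sizeof dst, src, sizeof src, 0x7000, 0x2000));
    printf("checked small: %d\n",
           checked_move(dst, sizeof dst, src, sizeof src, 4, 4));
    return 0;
}
```

The flawed function only computes the length and never performs the move, so the example is safe to run.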