APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component
APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component
- Subject: APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component
- From: Apple Product Security <email@hidden>
- Date: Wed, 21 Jan 2009 12:13:54 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component
The QuickTime MPEG-2 Playback Component for Windows is now available
and addresses the following issue:
CVE-ID: CVE-2009-0008
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An input validation issue exists in the QuickTime
MPEG-2 Playback Component for Windows. Accessing a maliciously
crafted movie file may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue by
performing additional validation of MPEG-2 files. This issue does not
affect systems running Mac OS X. Credit to Richard Lemon of Code
Lemon for reporting this issue.
The QuickTime MPEG-2 Playback Component is not installed by default,
and is provided separately from QuickTime. Details are available via
http://www.apple.com/quicktime/mpeg2/ Users who have paid for and
downloaded an earlier version of the QuickTime MPEG-2 Playback
Component from the Apple Store may download the updated version for
free.
The steps to determine that a system has the updated version are
listed at http://support.apple.com/kb/HT3381.
The version number of the updated QuickTime MPEG-2 Playback
Component for Windows is 7.60.92.0.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJJd1MOAAoJEHkodeiKZIkBeSMIAMGOwrtv4UHlgGIwetdkZpbZ
GANeZ23lZGd1gKPORWdGFOzTRJhcFfSmJFwY35NNslut2zQ27ltB79IQ4q5Y82nO
qLrvcOtUTbzoCLA85cdr0SnWUaHRHqbsPE+ttrKowuJexQqsANVDdNVxcMjxZs2L
izQXjGM6+x8sgmdB2A9S6+32Kd2vgR10cMvoW79cmliO1b1yoCCGVYcBePw4YPZG
g4FQv3ZgC9HZaevJCQWhnBSNHvHtFKnEqobvlgB14JCmZHfzMD675WHefE4f736i
ts7KUIgtOaQhK4RgE501NEQxrSKaEmF9J+0a3NSvCmp8EAaQDqkInVAjxGTbC2k=
=IgKQ
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden