Date (UTC) | Description |
2008-06-10 20:02 |
US-CERT TA08-162C: Apple Quicktime Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
|
2008-06-10 13:11 |
SANS Internet Storm Center Upgrade to QuickTime 7.5
Apple released earlier QuickTime 7.5, which a.o. fixes a number of security bugs.
|
2008-06-10 13:05 |
US-CERT Apple Releases QuickTime 7.5
US-CERT Current Activity
Apple has released QuickTime 7.5 to address multiple vulnerabilities.
|
2008-06-09 |
Apple Apple knowledgebase article HT1991: About the security content of QuickTime 7.5
This document describes the security content of QuickTime 7.5.
|
2008-05-08 |
Zero Day Initiative (ZDI) ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution
"file: URL" arbitrary code execution (CVE-2008-1585)
Vulnerability Reported
The specific flaw exists in the handling of SMIL text embedded in video formats. No sanity checking is performed on values of the qt:next attribute. When the URI for this attribute is a file type not recognized by QuickTime, it is passed to url.dll!FileProtocolHandler which will allow explorer.exe handle non-http filetypes. Successful exploitation can result in the execution of arbitrary code.
|
2008-03-10 |
Secunia Research 2008-9: Apple QuickTime PICT Image Parsing Buffer Overflow
PICT Image Parsing Buffer Overflow (CVE-2008-1581)
Vulnerability Reported
|
2008-02-07 |
Zero Day Initiative (ZDI) ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability
Indeo Video Buffer Overflow (CVE-2008-1584)
Vulnerability Reported
The specific flaw exists within the parsing of Quicktime files that utilize the Indeo video codec. A lack of proper bounds checking withing Indeo.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user.
|