what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Technical Cyber Security Alert 2007-310A

Technical Cyber Security Alert 2007-310A
Posted Nov 7, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-310A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Versions below 7.3 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | apple
SHA-256 | 9a845607c7692d683f7a55b5861d0d9bbabe9d325b6c9f1e3396c293d93624e1

Technical Cyber Security Alert 2007-310A

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System
Technical Cyber Security Alert TA07-310A


Apple QuickTime Updates for Multiple Vulnerabilities

Original release date: November 06, 2007
Last revised: --
Source: US-CERT

Systems Affected

Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of
these vulnerabilities could allow a remote attacker to execute
arbitrary code or cause a denial-of-service condition.

I. Description

Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled. An attacker
could exploit these vulnerabilities by convincing a user to access a
specially crafted image or media file that could be hosted on a web
page.

Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.

II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or commands and cause a denial-of-service
condition. For further information, please see About the security
content of QuickTime 7.3.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.

References

* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>

* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>

* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>

* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

November 6, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRzD0F/RFkHkM87XOAQLSVwf+LsCvcentaE5ATCISYhYd31ionkGNS9cn
LeBC+yCyR330ztfQ9iBphoxxp+fYKpa/RRfnFHqJlv80HYYOiJvnunCdOY5IAbo5
ZyS2vou/ArW5WzJqk9Yq+31hClKQOIoLf/+NcUc7iKkfSBUC8/RsspascX31a1U+
dMF217Q/i9imjMhHr+PXZagRT1naUo8ygeDZ+94Vq+3XUB6qZb6rux8vFdVX3nEY
yvg02JJTVpHy14Nk0KXfXwEq2Hc9uNTa/KwKknJMVqzev4eCAn+/wb424JxoKhqG
lthnzMr/US4Q0NLKpFStcNyETEiKgM9RuZ4v6OWc+nJKVe+QwrDYhQ==
=9WUY
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close