Description: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in the handling of QTL files can be exploited to cause a heap-based buffer overflow when a user views a specially crafted QTL file.
Successful exploitation may allow execution of arbitrary code.
2) Various unspecified errors exist in QuickTime's Flash media handler, which can be exploited to execute arbitrary code.
The vulnerabilities are reported in Apple QuickTime prior to version 7.3.1.
Solution: Update to Apple QuickTime version 7.3.1.
Provided and/or discovered by: 1) Reported by the vendor.
2) The vendor credits:
* Tom Ferris, Adobe Secure Software Engineering Team (ASSET)
* Mike Price of McAfee Avert Labs
* Lionel d'Hauenens and Brian Mariani of Syseclabs