SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   QuickTime Vendors:   Apple Computer
QuickTime Movie File External URL Bug Lets Remote Users Obtain Information
SecurityTracker Alert ID:  1019758
SecurityTracker URL:  http://securitytracker.com/id/1019758
CVE Reference:   CVE-2008-1014   (Links to External Site)
Date:  Apr 3 2008
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.4.5
Description:   A vulnerability was reported in QuickTime in the processing of movie files. A remote user can obtain information from the target user's system.

A remote user can create a specially crafted QuickTime movie file that, when loaded by the target user, will open external URLs. A remote user may be able to exploit this to obtain information from the target user's system.

Jorge Escala of Open Tech Solutions and Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs reported this vulnerability.

Impact:   A remote user can obtain information from the target user's system.
Solution:   The vendor has issued a fixed version (7.4.5), available from the Software Update application, or from the Apple Downloads site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5 or later
The download file is named: "QuickTime745Leopard.dmg"
Its SHA-1 digest is: 764ec0031f18ef999a95c6b20f417f8d2c05a10f

For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named: "QuickTime745Tiger.dmg"
Its SHA-1 digest is: 60c9b3e205e4995324dc53b2a4500318fc994e6b

For Mac OS X v10.3.9
The download file is named: "QuickTime745Panther.dmg"
Its SHA-1 digest is: 2b3230fbb4dcd1436bf8856b87281915a654f821

For Windows Vista / XP SP2
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 4e507f48610f9a65be18b2c37ceead18da2d4c03

QuickTime with iTunes for Windows XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: ff2a3c234d164f30f8b1d05297a49a55f3f4e8c0

The vendor's advisory is available at:

http://support.apple.com/kb/HT1232
Vendor URL:  support.apple.com/kb/HT1232 (Links to External Site)
Cause:   Access control error
Underlying OS:   UNIX (OS X), Windows (Vista), Windows (XP)

Message History:   None.

 Source Message Contents


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC