- An error within the processing of GIF files can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted GIF file.
- Multiple errors within the processing of H.264 files can be exploited to cause stack-based buffer overflows by tricking a user into opening a specially crafted file.
- An error within the QuickTime ActiveX control when processing QTL files can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious website.
* Note: Vulnerabilities #1 through #3 do not affect Mac OS X versions. - An error within the processing of STSC atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
- An error within the processing of STSS atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
- An error within the processing of STSZ atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
- An error within the processing of STTS atoms in QuickTime movie files can be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted QuickTime movie files.
Actualización de seguridad disponible, QuickTime Player-Plugin (August 03th, 2011'): QuickTime Player 7.7
Apple ha publicado una nueva versión de QuickTime (la 7.70.80.34), que solventa diferentes problemas de seguridad en sus versiones para Windows y Mac OS.
La actualización puede instalarse a través de las funcionalidades de actualización automática (Software Update) de Apple, o descargándolas directamente desde:
http://www.apple.com/quicktime/download/
QuickTime 7.7
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
Descarga: QuickTime Player 7.70.80.34.exe
Un Saludo.
