[Full-disclosure] [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow
Mark Senior
senatorfrog at gmail.com
Wed Jan 11 23:30:34 GMT 2006
This must be an unintentional repost, surely?
>From the description of CAN-2004-0431:
Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1
allows attackers to execute arbitrary code
>From the description of CERT vuln (linked from the above CVE entry):
III. Solution
Upgrade
Upgrade to QuickTime version 6.5.1.
(...)
Other Information
Date Public 02/18/2004
Date First Published 05/03/2004 03:30:59 PM
Date Last Updated 05/04/2004
On 1/11/06, Advisories <Advisories at eeye.com> wrote:
> EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow
>
> Release Date:
> January 10, 2006
>
> Date Reported:
> November 17, 2005
>
> Patch Development Time (In Days):
> 54 Days
(snip)
> Vendor Status:
> Apple has released a patch for this vulnerability. The patch is
> available via the Updates section of the affected applications.
> This vulnerability has been assigned the CVE identifier CAN-2004-0431.
>
Full-Disclosure is hosted and sponsored by Secunia.