[Full-disclosure] Re: [EEYEB-20051117B] Apple iTunes (QuickTime.qts)Heap Overflow
Dave Korn
davek_throwaway at hotmail.com
Thu Jan 12 14:51:50 GMT 2006
Mark Senior wrote in
news:70f230c70601111530u1f0f688bt520efc44c94ef358 at mail.gmail.com
> This must be an unintentional repost, surely?
>
>> From the description of CAN-2004-0431:
>
> Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1
> allows attackers to execute arbitrary code
That's a totally different issue, the bug described in the original post
isn't an integer overflow. I would imagine the author of that post used one
of eEye's earlier QT bug reports as a template and just forgot to update the
CAN number. If you check their website
http://www.eeye.com/html/research/advisories/AD20060111b.html
you'll see they've corrected both the AD number and the CAN number.
cheers,
DaveK
--
Can't think of a witty .sigline today....
Full-Disclosure is hosted and sponsored by Secunia.