Full Disclosure mailing list archives
Re: [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow
From: Mark Senior <senatorfrog () gmail com>
Date: Wed, 11 Jan 2006 16:30:34 -0700
This must be an unintentional repost, surely?
From the description of CAN-2004-0431:
Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code
From the description of CERT vuln (linked from the above CVE entry):
III. Solution Upgrade Upgrade to QuickTime version 6.5.1. (...) Other Information Date Public 02/18/2004 Date First Published 05/03/2004 03:30:59 PM Date Last Updated 05/04/2004 On 1/11/06, Advisories <Advisories () eeye com> wrote:
EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow Release Date: January 10, 2006 Date Reported: November 17, 2005 Patch Development Time (In Days): 54 Days
(snip)
Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CAN-2004-0431.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow Advisories (Jan 11)
- Re: [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow Mark Senior (Jan 11)
- Re: [EEYEB-20051117B] Apple iTunes (QuickTime.qts)Heap Overflow Dave Korn (Jan 12)
- Re: [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow Mark Senior (Jan 11)