廣告廣告
  加入我的最愛 設為首頁 風格修改
首頁 首尾
 手機版   訂閱   地圖  簡體 
您是第 2900 個閱讀者
 
發表文章 發表投票 回覆文章
  可列印版   加為IE收藏   收藏主題   上一主題 | 下一主題   
upside 手機 葫蘆墩家族
個人頭像
個人文章 個人相簿 個人日記 個人地圖
特殊貢獻獎 社區建設獎 優秀管理員勳章
頭銜:反病毒 反詐騙 反虐犬   反病毒 反詐騙 反虐犬  
版主
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片
推文 x0
[漏洞修補] QuickTime 7.6.9 重要漏洞更新
QuickTime 7.6.9 重要漏洞更新
                                                                                                                                                                                                                                         重要漏洞更新
Critical Security Update Released for QuickTime 7.6.9

Apple has released version 7.6.9 of its QuicktTime player as a security update, addressing critical vulnerabilities that can potentially be exploited to execute arbitrary code.

Most of the security issues apply to QuickTime 7 on Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista and XP SP2 or later, but there are also two Windows-only flaws.

A number of fifteen vulnerabilities were patched in total, most of which can be exploited by tricking users into opening maliciously crafted image or movie files.

Two memory issues, CVE-2010-3787 and CVE-2010-3788, can be triggered via malformed JP2 (JPEG 2000) images and lead to unexpected application termination with the possibility of code execution.

Another three flaws, CVE-2010-3794, CVE-2010-3795 and CVE-2010-3801, can be exploited via maliciously crafted FlashPix images and have the same effect as the JP2 ones.

As far as bugs in the handling of movie files go, one concerns AVIs (CVE-2010-3789), two MPEGs (CVE-2010-3791 and CVE-2010-3792), one QTVRs (CVE-ID: CVE-2010-3802), one Sorenson-encoded (CVE-2010-3793), and three unspecified format (CVE-2010-1508, CVE-2010-4009 and CVE-2010-3790).

CVE-2010-1508 in particular affects only Windows-based systems and concerns the handling of Track Header (tkhd) atoms.

The other Windows-only flaw is identified as CVE-2010-0530 and stems from a file system permissions issue. It can be exploited to disclose sensitive information located in the "Apple Computer" directory.

Finally, the last remote code execution vulnerability (CVE-2010-3800) stems from improper handling of PICT files, a graphics format developed by Apple.

The QuickTime 7.6.9 update is only available for Windows and Mac OS X v10.5.8 (Leopard), because Mac OS X 10.6 comes with an entirely different version called QuickTime X.

QuickTime 7.6.9 for Windows can be downloaded
http://appldnld.apple.com/QuickTime/041-002...ckTimeInstaller.exe



爸爸 你一路好走
獻花 x0 回到頂端 [樓 主] From:台灣台灣固網 | Posted:2010-12-09 01:17 |

首頁  發表文章 發表投票 回覆文章
Powered by PHPWind v1.3.6
Copyright © 2003-04 PHPWind
Processed in 0.054563 second(s),query:15 Gzip disabled
本站由 瀛睿律師事務所 擔任常年法律顧問 | 免責聲明 | 本網站已依台灣網站內容分級規定處理 | 連絡我們 | 訪客留言