[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow
- To: Advisories <Advisories@xxxxxxxx>
- Subject: Re: [Full-disclosure] [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow
- From: Mark Senior <senatorfrog@xxxxxxxxx>
- Date: Wed, 11 Jan 2006 16:30:34 -0700
This must be an unintentional repost, surely?
>From the description of CAN-2004-0431:
Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1
allows attackers to execute arbitrary code
>From the description of CERT vuln (linked from the above CVE entry):
III. Solution
Upgrade
Upgrade to QuickTime version 6.5.1.
(...)
Other Information
Date Public 02/18/2004
Date First Published 05/03/2004 03:30:59 PM
Date Last Updated 05/04/2004
On 1/11/06, Advisories <Advisories@xxxxxxxx> wrote:
> EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow
>
> Release Date:
> January 10, 2006
>
> Date Reported:
> November 17, 2005
>
> Patch Development Time (In Days):
> 54 Days
(snip)
> Vendor Status:
> Apple has released a patch for this vulnerability. The patch is
> available via the Updates section of the affected applications.
> This vulnerability has been assigned the CVE identifier CAN-2004-0431.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/