Summary / extract
+ keywords: |
QuickTime 7.5.5 is now available and addresses the following issues:
QuickTime
CVE-ID: CVE-2008-3615
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in the
third-party Indeo v5 codec for QuickTime, which does not ship with
QuickTime. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by not rendering content encoded with any
version of the Indeo codec. This issue does not affect systems
running Mac OS X. Credit to Paul Byrne of NGSSoftware for reporting
this issue.
QuickTime
CVE-ID: CVE-2008-3635
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in the third-party Indeo
v3.2 codec for QuickTime. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue by not rendering content
encoded with any version of the Indeo codec. This issue does not
affect systems running Mac OS X. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative for reporting this
issue.
|
| Time needed for activity: |
1
|
| Sender department & institution: |
MC
|
