广告广告
  加入我的最爱 设为首页 风格修改
首页 首尾
 手机版   订阅   地图  繁体 
您是第 2928 个阅读者
 
发表文章 发表投票 回覆文章
  可列印版   加为IE收藏   收藏主题   上一主题 | 下一主题   
upside 手机 葫芦墩家族
个人头像
个人文章 个人相簿 个人日记 个人地图
特殊贡献奖 社区建设奖 优秀管理员勋章
头衔:反病毒 反诈骗 反虐犬   反病毒 反诈骗 反虐犬  
版主
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片
推文 x0
[漏洞修补] QuickTime 7.6.9 重要漏洞更新
QuickTime 7.6.9 重要漏洞更新
                                                                                                                                                                                                                                         重要漏洞更新
Critical Security Update Released for QuickTime 7.6.9

Apple has released version 7.6.9 of its QuicktTime player as a security update, addressing critical vulnerabilities that can potentially be exploited to execute arbitrary code.

Most of the security issues apply to QuickTime 7 on Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista and XP SP2 or later, but there are also two Windows-only flaws.

A number of fifteen vulnerabilities were patched in total, most of which can be exploited by tricking users into opening maliciously crafted image or movie files.

Two memory issues, CVE-2010-3787 and CVE-2010-3788, can be triggered via malformed JP2 (JPEG 2000) images and lead to unexpected application termination with the possibility of code execution.

Another three flaws, CVE-2010-3794, CVE-2010-3795 and CVE-2010-3801, can be exploited via maliciously crafted FlashPix images and have the same effect as the JP2 ones.

As far as bugs in the handling of movie files go, one concerns AVIs (CVE-2010-3789), two MPEGs (CVE-2010-3791 and CVE-2010-3792), one QTVRs (CVE-ID: CVE-2010-3802), one Sorenson-encoded (CVE-2010-3793), and three unspecified format (CVE-2010-1508, CVE-2010-4009 and CVE-2010-3790).

CVE-2010-1508 in particular affects only Windows-based systems and concerns the handling of Track Header (tkhd) atoms.

The other Windows-only flaw is identified as CVE-2010-0530 and stems from a file system permissions issue. It can be exploited to disclose sensitive information located in the "Apple Computer" directory.

Finally, the last remote code execution vulnerability (CVE-2010-3800) stems from improper handling of PICT files, a graphics format developed by Apple.

The QuickTime 7.6.9 update is only available for Windows and Mac OS X v10.5.8 (Leopard), because Mac OS X 10.6 comes with an entirely different version called QuickTime X.

QuickTime 7.6.9 for Windows can be downloaded
http://appldnld.apple.com/QuickTime/041-002...ckTimeInstaller.exe



爸爸 你一路好走
献花 x0 回到顶端 [楼 主] From:台湾台湾固网 | Posted:2010-12-09 01:17 |

首页  发表文章 发表投票 回覆文章
Powered by PHPWind v1.3.6
Copyright © 2003-04 PHPWind
Processed in 0.016570 second(s),query:15 Gzip disabled
本站由 瀛睿律师事务所 担任常年法律顾问 | 免责声明 | 本网站已依台湾网站内容分级规定处理 | 连络我们 | 访客留言