[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: QuickTime 6.1 for Windows is available



----- Forwarded message from Product Security <product-security@apple.com> -----

Date: Mon, 31 Mar 2003 13:29:36 -0800
Subject: QuickTime 6.1 for Windows is available
From: Product Security <product-security@apple.com>
To: <security-announce@lists.apple.com>
Message-ID: <BAADF340.A6%product-security@apple.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-03-31 QuickTime Player for Windows

A potential vulnerability in Apple's QuickTime Player for Windows could
allow a remote attacker to compromise a target system.  This exploit is
only possible if the attacker can convince a user to load a specially
crafted QuickTime URL.  Upon successful exploitation, arbitrary code
can be executed under the privileges of the QuickTime user.

CVE Candidate ID:  CAN-2003-0168

Versions affected:  QuickTime Player versions 5.x and 6.0 for Windows.
QuickTime Player for Mac OS and Mac OS X are not affected.

Recommendation:  Install QuickTime version 6.1 for Windows

QuickTime 6.1 for Windows is available via:
   http://www.apple.com/quicktime/download/
   - or -
   "Update Existing Software" menu item in QuickTime Player

Credit to Texonet (http://www.texonet.com/) for discovering this
vulnerability.

Apple Product Security

http://www.apple.com/support/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQEVAwUBPoixCSFlYNdE6F9oAQIOsQgAl+bbm4FwcobpmHHvZRY7zf71BZh6USfn
chgtHB3n4L/vnoZrFK8z4f66/Cn8mCjy+vF9Pfk3FcUyJnHed3wm6fVlkbnwJCCJ
p2b8fK+HwNyXYXaR8D0o7eFbR9N3GRu1caN4+zhKYehQVMnzkopLI9LzHF3iKVC7
9ULLwNheRoiQbd5+q1wtkaj1fweXfqHG/LO2+kKaBGNhhrSgipFI1iamvQTZ8o5A
CCfT1RTejcZQY0PnMnqS9+S/wqT9bbRCkMVY3+9HBTZAzrhudED/yDMqwFKv2ofP
51JG5FaDNUT8LVFm6kfRzR719MHqVojGIgNNzpnvGNRb8bWmFE9MKw==
=sB+X
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


----- End forwarded message -----