SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Apple QuickTime Vendors:   Apple
QuickTime QTJava Deserialization Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1019757
SecurityTracker URL:  http://securitytracker.com/id/1019757
CVE Reference:   CVE-2008-1013   (Links to External Site)
Date:  Apr 3 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.4.5
Description:   A vulnerability was reported in QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted Java applet that, when loaded by the target user, will trigger a QTJava object deserialization flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Adam Gowdiak reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fixed version (7.4.5), available from the Software Update application, or from the Apple Downloads site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5 or later
The download file is named: "QuickTime745Leopard.dmg"
Its SHA-1 digest is: 764ec0031f18ef999a95c6b20f417f8d2c05a10f

For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named: "QuickTime745Tiger.dmg"
Its SHA-1 digest is: 60c9b3e205e4995324dc53b2a4500318fc994e6b

For Mac OS X v10.3.9
The download file is named: "QuickTime745Panther.dmg"
Its SHA-1 digest is: 2b3230fbb4dcd1436bf8856b87281915a654f821

For Windows Vista / XP SP2
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 4e507f48610f9a65be18b2c37ceead18da2d4c03

QuickTime with iTunes for Windows XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: ff2a3c234d164f30f8b1d05297a49a55f3f4e8c0

The vendor's advisory is available at:

http://support.apple.com/kb/HT1232

Vendor URL:  support.apple.com/kb/HT1232 (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC