Four QuickTime exploits fixed in latest release
updated 11:35 am EST, Fri November 4, 2005
QuickTime vulnerabilities
Four vulnerabilities surfaced today in older versions of QuickTime, allowing denial-of-service (DoS) attacks and potentially allowing an attacker to compromise users' systems, according to a security advisory from Secunia. The , which was released in October and affect QuickTime 6.5.2 and 7.0.1 for Mac OS X, as well as QuickTime 7.x prior to 7.0.3 for Windows. Secunia notes an integer overflow error when loading a ".mov" video file as well as an error that could occur when handling certain missing movie attributes from a video file--both of which could lead to a denial-of-service attack and cause QuickTime applications to crash. In addition, a bug in QuickTime PictureViewer decompression could lead to arbitrary code execution via a specially crafted "PICT" picture file, according to the report.


