| PROBLEM: | Apple QuickTime does not properly handle "file:" URLs, which may allow an attacker to execute arbitrary code. |
| PLATFORM: | Apple QuickTime versions prior to 7.5 |
| DAMAGE: | Execute arbitrary code. |
| SOLUTION: | Upgrade to the appropriate version. |
| VULNERABILITY ASSESSMENT: | The risk is MEDIUM. By convincing a user to play a maliciously crafted QuickTime file, an attacker may be able to execute arbitrary code on a vulnerable system. |
| CVSS 2 BASE SCORE: | 6.4 |
| TEMPORAL SCORE: | 5.3 |
| VECTOR: | (AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C) |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/s-318.shtml |
| ORIGINAL BULLETIN: | http://support.apple.com/kb/HT1991 |
| ADDITIONAL LINK: | US-CERT VU# 132419 http://www.kb.cert.org/vuls/id/132419 |
| CVE: | CVE-2008-1585 |
[***** Start HT1991 *****]
Please visit Apple's Web site to view their Apple QuickTime 7.5
http://support.apple.com/kb/HT1991
[***** End HT1991 *****]
Voice: +1 925-422-8193 (7 x 24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org