Submission + - Apple responds to MOAB bug
netsfr writes: Some slashdotters and others thought that Apple may not respond to the Month Of Apple Bugs, but Apple has posted a bug fix for the Quicktime bug posted earler on the MOAB website. Quote from Apple's website: http://docs.info.apple.com/article.html?artnum=304 989
Security Update 2007-001
*
QuickTime
CVE-ID: CVE-2007-0015
Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000
Impact: Visiting malicious websites may lead to arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.
Security Update 2007-001
*
QuickTime
CVE-ID: CVE-2007-0015
Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000
Impact: Visiting malicious websites may lead to arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.