[sldev] QuickTime 7.3.1 out - RTSP bug fixed?

Porsupah porsupah at ringtail.com
Thu Dec 13 19:14:25 PST 2007


<http://docs.info.apple.com/article.html?artnum=307176> notes the  
particular fixes included. Pertinent to SL would appear to be this one:
> CVE-ID: CVE-2007-6166
>
> Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X  
> v10.5 or later, Windows Vista, XP SP2
>
> Impact: Viewing a maliciously crafted RTSP movie may lead to an  
> unexpected application termination or arbitrary code execution
>
> Description: A buffer overflow exists in QuickTime's handling of  
> Real Time Streaming Protocol (RTSP) headers. By enticing a user to  
> view a maliciously crafted RTSP movie, an attacker may cause an  
> unexpected application termination or arbitrary code execution. This  
> update addresses the issue by ensuring that the destination buffer  
> is sized to contain the data.
>

If someone could verify this solves the recent QT-in-SL security  
issue, I'm sure we'd all be thankful.

QT7.3.1 is now available via Software Update for OS X, or as a  
standalone installer for Panther, Tiger, Leopard, XP, and Vista from:

<http://www.apple.com/support/downloads/>

-- Porsupah


