lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030401011807.GC8265@kosh.withay.com>
Date: Mon, 31 Mar 2003 18:18:08 -0700
From: Bryan Blackburn <blb@...ox.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Fwd: QuickTime 6.1 for Windows is available


----- Forwarded message from Product Security <product-security@...le.com> -----

Date: Mon, 31 Mar 2003 13:29:36 -0800
Subject: QuickTime 6.1 for Windows is available
From: Product Security <product-security@...le.com>
To: <security-announce@...ts.apple.com>
Message-ID: <BAADF340.A6%product-security@...le.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-03-31 QuickTime Player for Windows

A potential vulnerability in Apple's QuickTime Player for Windows could
allow a remote attacker to compromise a target system.  This exploit is
only possible if the attacker can convince a user to load a specially
crafted QuickTime URL.  Upon successful exploitation, arbitrary code
can be executed under the privileges of the QuickTime user.

CVE Candidate ID:  CAN-2003-0168

Versions affected:  QuickTime Player versions 5.x and 6.0 for Windows.
QuickTime Player for Mac OS and Mac OS X are not affected.

Recommendation:  Install QuickTime version 6.1 for Windows

QuickTime 6.1 for Windows is available via:
   http://www.apple.com/quicktime/download/
   - or -
   "Update Existing Software" menu item in QuickTime Player

Credit to Texonet (http://www.texonet.com/) for discovering this
vulnerability.

Apple Product Security

http://www.apple.com/support/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQEVAwUBPoixCSFlYNdE6F9oAQIOsQgAl+bbm4FwcobpmHHvZRY7zf71BZh6USfn
chgtHB3n4L/vnoZrFK8z4f66/Cn8mCjy+vF9Pfk3FcUyJnHed3wm6fVlkbnwJCCJ
p2b8fK+HwNyXYXaR8D0o7eFbR9N3GRu1caN4+zhKYehQVMnzkopLI9LzHF3iKVC7
9ULLwNheRoiQbd5+q1wtkaj1fweXfqHG/LO2+kKaBGNhhrSgipFI1iamvQTZ8o5A
CCfT1RTejcZQY0PnMnqS9+S/wqT9bbRCkMVY3+9HBTZAzrhudED/yDMqwFKv2ofP
51JG5FaDNUT8LVFm6kfRzR719MHqVojGIgNNzpnvGNRb8bWmFE9MKw==
=sB+X
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@...ts.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


----- End forwarded message -----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ