TITLE:
Mac OS X KHTMLParser Denial of Service Weakness
SECUNIA ADVISORY ID:
SA18220
VERIFY ADVISORY:
http://secunia.com/advisories/18220/
CRITICAL:
Not critical
IMPACT:
DoS
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Tom Ferris has discovered a weakness in Mac OS X, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The weakness is caused due to an error in the KHTMLParser when
parsing certain malformed HTML documents. This can be exploited to
crash an application that uses the parser via a specially crafted
HTML file. In certain cases, this may cause the system to become
unresponsive.
The weakness has been confirmed to affect TextEdit and Safari in Mac
OS X with Security Update 2005-009. Other applications that use the
parser may also be affected.
SOLUTION:
Do not open or follow links to HTML files from non-trusted sources.
PROVIDED AND/OR DISCOVERED BY:
Tom Ferris
ORIGINAL ADVISORY:
http://security-protocols.com/advisory/sp-x22-advisory.txt
TITLE:
QuickTime Alternative QuickTime Codec Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA18202
VERIFY ADVISORY:
http://secunia.com/advisories/18202/
CRITICAL:
Moderately critical
IMPACT:
Unknown, DoS
WHERE:
From remote
SOFTWARE:
QuickTime Alternative 1.x
http://secunia.com/product/6647/
DESCRIPTION:
A vulnerability has been discovered in QuickTime Alternative, which
can be exploited by malicious people to cause a DoS (Denial of
Service), and with an unknown impact.
The vulnerability is caused due to the use of a vulnerable version of
QuickTime codec.
For more information:
SA18149
The vulnerability has been confirmed in version 1.67. Other versions
may also be affected.
SOLUTION:
Do not open ".mov" files from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
pippo
OTHER REFERENCES:
SA18149:
http://secunia.com/advisories/18149/
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic