Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - March 5, 2007

by Marianna Schmudlach / March 4, 2007 2:58 PM PST

webSPELL PHP Code Execution (Exploit)

"webSPELL is a free Content Management System (CMS) for clans and gaming communities, providing all needed features like forums, gallery, clanwar system and co."

There is a PHP code execution vulnerability in webSPELL.

Vulnerable Systems:
* webSPELL versions 4.01.02 and prior.


Credit:
The information has been provided by milw0rm.
The original article can be found at:
http://www.milw0rm.com/exploits/3402

TurboFTP Multiple DoS (Exploit)
by Marianna Schmudlach / March 4, 2007 3:00 PM PST

TurboFTP is "a secure FTP client program (supports FTP over SSL/TLS and SFTP over SSH2) for Windows 9x/ME/NT4/2000/XP/2003". Multiple vulnerabilities in TurboFTP allow remote attackers to cause the FTP client to crash.

Credit:
The information has been provided by Marsu.
The original article can be found at: http://www.milw0rm.com/exploits/3341

FTP Voyager CWD Stack Overflow (Exploit)
by Marianna Schmudlach / March 4, 2007 3:01 PM PST

FTP Voyager is "the most powerful FTP client for Windows on the market". A vulnerability in the way FTP Voyager handles CWD responses allows attackers to overflow the product's internal buffer allowing an attacker to cause it to execute arbitrary code.

Credit:
The information has been provided by Marsu.
The original article can be found at: http://www.milw0rm.com/exploits/3343

Lenovo Intel PRO/1000 LAN Adapter Software Unspecified Vuln.
by Donna Buenaventura / March 4, 2007 9:13 PM PST

Lenovo Intel PRO/1000 LAN Adapter Software Unspecified Vulnerability
Software: Lenovo Intel PRO/1000 LAN Adapter Software 4.x
Description:
A vulnerability with unknown impact has been reported in Lenovo's Intel PRO/1000 LAN adapter software for Windows.

The vulnerability is caused due to an unspecified error in the Intel PRO/1000 LAN adapter software.

Solution: Update to build 135400.

Provided and/or discovered by: Reported by the vendor.

Original Advisory:
Lenovo: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922
http://secunia.com/advisories/24349/

Simple Invoices PDF Print Preview Security Bypass
by Marianna Schmudlach / March 5, 2007 12:15 AM PST

TITLE:
Simple Invoices PDF Print Preview Security Bypass

SECUNIA ADVISORY ID:
SA24402

VERIFY ADVISORY:
http://secunia.com/advisories/24402/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Simple Invoices
http://secunia.com/product/13415/

DESCRIPTION:
justin has reported a vulnerability in Simple Invoices, which can be
exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to the print preview pages not
properly supporting the login authentication mechanism. This can be
exploited to preview invoices without proper authentication.

The vulnerability is reported in versions prior to 2007 03 05.

SOLUTION:
Update to version 2007 03 05.

PROVIDED AND/OR DISCOVERED BY:
justin

ORIGINAL ADVISORY:
http://code.google.com/p/simpleinvoices/issues/detail?id=35

rpath update for tcpdump
by Marianna Schmudlach / March 5, 2007 12:16 AM PST

TITLE:
rpath update for tcpdump

SECUNIA ADVISORY ID:
SA24354

VERIFY ADVISORY:
http://secunia.com/advisories/24354/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
rPath Linux 1.x
http://secunia.com/product/10614/

DESCRIPTION:
rpath has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA24318

SOLUTION:
Update to tcpdump=/conary.rpath.com@rpl:devel//1/3.9.5-0.1-1.

ORIGINAL ADVISORY:
http://lists.rpath.com/pipermail/security-announce/2007-March/000155.html

OTHER REFERENCES:
SA24318:
http://secunia.com/advisories/24318

MailEnable IMAP Service "APPEND" Buffer Overflow
by Marianna Schmudlach / March 5, 2007 12:18 AM PST

TITLE:
MailEnable IMAP Service "APPEND" Buffer Overflow

SECUNIA ADVISORY ID:
SA24361

VERIFY ADVISORY:
http://secunia.com/advisories/24361/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
MailEnable Professional 2.x
http://secunia.com/product/10625/
MailEnable Enterprise Edition 2.x
http://secunia.com/product/10427/

DESCRIPTION:
mu-b has discovered a vulnerability in MailEnable, which can be
exploited by malicious users to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the IMAP
service when processing arguments passed to the "APPEND" command.
This can be exploited to cause a stack-based buffer overflow via an
overly long (greater than 128 bytes), specially crafted string as
argument to the affected command.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version MailEnable Professional
2.37. Other versions may also be affected.

SOLUTION:
Grant access to trusted users only.

PROVIDED AND/OR DISCOVERED BY:
mu-b

WordPress Command Execution and PHP "eval()" Injection
by Marianna Schmudlach / March 5, 2007 12:19 AM PST

TITLE:
WordPress Command Execution and PHP "eval()" Injection

SECUNIA ADVISORY ID:
SA24374

VERIFY ADVISORY:
http://secunia.com/advisories/24374/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
WordPress 2.x
http://secunia.com/product/6745/

DESCRIPTION:
Ivan Fratric has reported two vulnerabilities in WordPress, which can
be exploited by malicious people to compromise vulnerable systems.

1) Input passed to the "ix" parameter in wp-includes/feed.php is not
properly sanitised before being used in "eval()" calls. This can be
exploited to execute arbitrary PHP code.

2) Input passed to the "iz" parameter in wp-includes/theme.php is not
properly sanitised before being used to execute commands. This can be
exploited to execute arbitrary shell commands.

NOTE: The vulnerabilities were reportedly added by someone breaking
into WordPress's servers.

The vulnerabilities are reported in version 2.1.1 downloaded on
2007-02-25 or later.

SOLUTION:
Update to version 2.1.2.

PROVIDED AND/OR DISCOVERED BY:
Ivan Fratric

ORIGINAL ADVISORY:
Ivan Fratric:
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html

WordPress:
http://wordpress.org/development/2007/03/upgrade-212/

Apache Tomcat JK Web Server Connector Long URL Buffer Overfl
by Marianna Schmudlach / March 5, 2007 12:20 AM PST

TITLE:
Apache Tomcat JK Web Server Connector Long URL Buffer Overflow

SECUNIA ADVISORY ID:
SA24398

VERIFY ADVISORY:
http://secunia.com/advisories/24398/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Apache Tomcat 5.x
http://secunia.com/product/3571/
Apache Tomcat 4.x
http://secunia.com/product/328/
Apache Tomcat JK Web Server Connector 1.x
http://secunia.com/product/13598/

DESCRIPTION:
A vulnerability has been reported in Apache Tomcat JK Web Server
Connector, which can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error within the
"map_uri_to_worker()" function in the mod_jk.so library. This can be
exploited to cause a stack-based buffer overflow via an overly long
(more than 4,095 bytes) URL request.

Successful exploitation allows execution of arbitrary code.

The vulnerability reportedly only affects versions 1.2.19 and 1.2.20.
Tomcat versions 5.5.20 and 4.1.34 are reportedly also affected as they
contain the vulnerable connector version in their source packages.

SOLUTION:
Update to version 1.2.21.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous researcher and reported via ZDI.

ORIGINAL ADVISORY:
Apache Tomcat:
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html
http://tomcat.apache.org/security-jk.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-008.html

Lenovo Intel PRO/1000 LAN Adapter Software Unspecified Vulne
by Marianna Schmudlach / March 5, 2007 12:21 AM PST

TITLE:
Lenovo Intel PRO/1000 LAN Adapter Software Unspecified Vulnerability

SECUNIA ADVISORY ID:
SA24349

VERIFY ADVISORY:
http://secunia.com/advisories/24349/

CRITICAL:
Moderately critical

IMPACT:
Unknown

WHERE:
From remote

SOFTWARE:
Lenovo Intel PRO/1000 LAN Adapter Software 4.x
http://secunia.com/product/13599/

DESCRIPTION:
A vulnerability with unknown impact has been reported in Lenovo's
Intel PRO/1000 LAN adapter software for Windows.

The vulnerability is caused due to an unspecified error in the Intel
PRO/1000 LAN adapter software.

SOLUTION:
Update to build 135400.
http://www-307.ibm.com/pc/support/site.wss/license.do?filename=mobiles/7ira09ww.exe

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
Lenovo:
http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922

Kaspersky Anti-Virus Engine UPX Processing Denial of Service
by Marianna Schmudlach / March 5, 2007 12:22 AM PST

TITLE:
Kaspersky Anti-Virus Engine UPX Processing Denial of Service

SECUNIA ADVISORY ID:
SA24391

VERIFY ADVISORY:
http://secunia.com/advisories/24391/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Kaspersky Anti-Virus 4.x
http://secunia.com/product/916/
Kaspersky Anti-Virus 5.x
http://secunia.com/product/2781/
Kaspersky Anti-Virus 6.x
http://secunia.com/product/10470/
Kaspersky Internet Security 6.x
http://secunia.com/product/10471/
Kaspersky Online Scanner 5.x
http://secunia.com/product/12705/
Kaspersky Personal Security Suite 1.x
http://secunia.com/product/5804/
Kaspersky SMTP Gateway 5.x
http://secunia.com/product/4100/

DESCRIPTION:
A vulnerability has been reported in Kaspersky's Anti-Virus engine,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

The vulnerability is caused due to an error within the handling of
UPX-compressed executables that contain negative data offsets. This
can be exploited to cause the application to consume large amounts of
CPU resources, which can e.g. render a client-system unusable or
degrade the performance of a server.

The vulnerability is reported in version 6.0.1.411 for Windows and
5.5-10 for Linux. Other versions may also be affected.

SOLUTION:
The fix is reportedly available via automatic updates since February
7, 2007.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous researcher and reported via iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485

Red Hat update for thunderbird
by Marianna Schmudlach / March 5, 2007 12:24 AM PST

TITLE:
Red Hat update for thunderbird

SECUNIA ADVISORY ID:
SA24395

VERIFY ADVISORY:
http://secunia.com/advisories/24395/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/
RedHat Enterprise Linux ES 4
http://secunia.com/product/4668/
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/

DESCRIPTION:
Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a user's system.

For more information:
SA24252

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0078.html

OTHER REFERENCES:
SA24252:
http://secunia.com/advisories/24252/

Fedora update for kernel
by Marianna Schmudlach / March 5, 2007 12:25 AM PST

TITLE:
Fedora update for kernel

SECUNIA ADVISORY ID:
SA24400

VERIFY ADVISORY:
http://secunia.com/advisories/24400/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, DoS

WHERE:
From local network

OPERATING SYSTEM:
Fedora Core 6
http://secunia.com/product/12487/
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and potentially gain escalated
privileges, and by malicious people to cause a DoS.

For more information:
SA23955
SA24215

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2739
http://fedoranews.org/cms/node/2740

OTHER REFERENCES:
SA23955:
http://secunia.com/advisories/23955/

SA24215:
http://secunia.com/advisories/24215/

Gentoo update for emul-linux-x86-qtlibs
by Marianna Schmudlach / March 5, 2007 12:26 AM PST

TITLE:
Gentoo update for emul-linux-x86-qtlibs

SECUNIA ADVISORY ID:
SA24347

VERIFY ADVISORY:
http://secunia.com/advisories/24347/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for emul-linux-x86-qtlibs. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application
using the library.

For more information:
SA22380

SOLUTION:
Update to "app-emulation/emul-linux-x86-qtlibs-10.0" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200703-06.xml

OTHER REFERENCES:
SA22380:
http://secunia.com/advisories/22380/

Debian update for gnomemeeting and ekiga
by Marianna Schmudlach / March 5, 2007 12:29 AM PST

TITLE:
Debian update for gnomemeeting and ekiga

SECUNIA ADVISORY ID:
SA24379

VERIFY ADVISORY:
http://secunia.com/advisories/24379/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for gnomemeeting and ekiga. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

For more information:
SA24194

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00017.html

OTHER REFERENCES:
SA24194:
http://secunia.com/advisories/24194/

Gentoo Multiple Vulnerabilities in mozilla and mozilla-bin
by Marianna Schmudlach / March 5, 2007 12:30 AM PST

TITLE:
Gentoo Multiple Vulnerabilities in mozilla and mozilla-bin

SECUNIA ADVISORY ID:
SA24352

VERIFY ADVISORY:
http://secunia.com/advisories/24352/

CRITICAL:
Highly critical

IMPACT:
Cross Site Scripting, Exposure of sensitive information, System
access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has acknowledged several vulnerabilities in mozilla and
mozilla-bin, which can be exploited by malicious people to gain
knowledge of potentially sensitive information, conduct cross-site
scripting attacks, and potentially compromise a user's system.

SOLUTION:
The vendor recommends removing the affected "www-client/mozilla" and
"www-client/mozilla-bin" packages.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200703-05.xml

Gentoo update for mozilla-firefox and mozilla-firefox-bin
by Marianna Schmudlach / March 5, 2007 12:33 AM PST

TITLE:
Gentoo update for mozilla-firefox and mozilla-firefox-bin

SECUNIA ADVISORY ID:
SA24393

VERIFY ADVISORY:
http://secunia.com/advisories/24393/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, System access

WHERE:
From remote

OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/

DESCRIPTION:
Gentoo has issued an update for mozilla-firefox and
mozilla-firefox-bin. This fixes some vulnerabilities, which can be
exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting and spoofing attacks,
gain knowledge of sensitive information, and potentially compromise a
user's system.

For more information:
SA24205

SOLUTION:
All Mozilla Firefox 1.5 users should update to:
"www-client/mozilla-firefox-1.5.0.10" or later.

All Mozilla Firefox 1.5 binary users should update to:
"www-client/mozilla-firefox-bin-1.5.0.10" or later.

All Mozilla Firefox 2 users should update to:
"www-client/mozilla-firefox-2.0.0.2" or later.

All Mozilla Firefox 2 binary users should update to:
"www-client/mozilla-firefox-bin-2.0.0.2" or later.

ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200703-04.xml

OTHER REFERENCES:
SA24205:
http://secunia.com/advisories/24205/

Konqueror DoS via JavaScript Read of FTP iframe
by Marianna Schmudlach / March 5, 2007 12:39 AM PST

Konqueror crashes if JavaScript code tries to read the source of a child iframe which is set to an ftp:// URL. It is possible for malicious websites to crash Konqueror and possibly other applications which rely on KJS.

Credit:
The information has been provided by Mark.
The original article can be found at:
http://bindshell.net/advisories/konq355


Vulnerable Systems:
* Gentoo and Debian running KDE 3.5.5.

PHP4 phpinfo() XSS Vulnerability (Reintroduced)
by Marianna Schmudlach / March 5, 2007 12:40 AM PST

The phpinfo() function "gives detailed information about the current environment of PHP. This includes a dump of the request variables that were sent".

With PHP 4.4.3, a previously fixed bug that was disclosed at the end of October 2005 by the Hardened-PHP Project was reintroduced. Again, phpinfo() does not escape the content of user-supplied arrays in GET, POST or COOKIE variables when it displays them, which leads to an XSS vulnerability.

Credit:
The information has been provided by Hardened-PHP Project.
The original article can be found at:
http://www.php-security.org/MOPB/MOPB-08-2007.html

Vulnerable Systems:
* PHP versions 4.4.3 to 4.4.6
* CVS version of PHP 6.0.

update - bugs in Oracle's database software
by Marianna Schmudlach / March 5, 2007 4:39 AM PST

It was previously thought that an attacker needed high-level privileges on the database to exploit so-called PL SQL injection vulnerabilities. With a new attack technique, that's no longer true, David Litchfield, a database security expert with NGS Software, said on Thursday at the Black Hat DC event here.

"It is a trick that can be used by attackers with minimal privileges to gain complete control of the database server," Litchfield said in an interview. "You can use the trick through a large number of vulnerabilities that were previously thought not to be that significant."

Litchfield, who has had Oracle in his crosshairs for some time, detailed his technique, dubbed "cursor injection," in a paper that was originally published last weekend (PDF) and discussed at the event. Examples of attack code that takes advantage of the tricks have already appeared, Litchfield said.

http://news.zdnet.com/2100-1009_22-6163545.html?tag=nl.e550

Apple QuickTime Multiple File Format Handling Remote Command
by Donna Buenaventura / March 5, 2007 8:08 AM PST

Execution Vulnerabilities

Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system.

The first issue is due to an integer overflow error when handling malformed 3GP video files, which could be exploited by attackers to execute arbitrary commands via a malicious web page.

The second flaw is due to a heap overflow error when handling a specially crafted MIDI file, which could be exploited by attackers to execute arbitrary commands by tricking a user into visiting a malicious web site.

The third vulnerability is due to a buffer overflow error when processing malformed QuickTime movies, which could be exploited by attackers to execute arbitrary commands via a malicious web page.

The fourth issue is due to an integer overflow error when handling malformed UDTA atoms in movie files, which could be exploited by attackers to execute arbitrary commands by convincing a user to visit a malicious web site.

The fifth issue is due to a heap overflow error when processing malformed PICT files, which could be exploited by attackers to execute arbitrary commands via a malicious web site.

The sixth vulnerability is due to a stack overflow error when handling a specially crafted QTIF file, which could be exploited by attackers to execute arbitrary commands by tricking a user into visiting a malicious web site.

The seventh issue is due to an integer overflow error when processing a malformed QTIF file, which could be exploited by attackers to execute arbitrary commands via a malicious web site.

The eighth vulnerability is due to a heap overflow error when handling a specially crafted QTIF file, which could be exploited by attackers to execute arbitrary commands by convincing a user to visit a malicious web site.

Affected Products

Apple QuickTime version 7.1.4 and prior

Solution

Upgrade to QuickTime version 7.1.5:
http://www.apple.com/quicktime/download/

References

http://www.frsirt.com/english/advisories/2007/0825
http://docs.info.apple.com/article.html?artnum=305149

Credits

Vulnerabilities reported by JJ Reyes, Mike Price (McAfee AVERT Labs), Piotr Bania, Artur Ogloza, Sowhat (Nevis Labs), Zero Day Initiative, Ruben Santamarta and iDefense Labs.

ChangeLog

2007-03-05 : Initial release

Apple QuickTime Color Table ID Heap Corruption Vulnerability
Apple QuickTime Color Table ID Heap Corruption Vulnerability

DESCRIPTION

Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow an attacker to execute arbitrary commands in the context of the current user.

The vulnerability specifically exists in QuickTime player's handling of Video media atoms. When the 'Color table ID' field in the Video Sample Description is 0, QuickTime expects a color table to be present immediately after the description. A byte swap process is then performed on the memory following the description, regardless if a table is present or not. Heap corruption will occur in the case when the memory following the description is not part of the heap chunk being processed.

ANALYSIS

Exploitation allows an attacker to execute arbitrary code in the context of the current user.

In order to exploit this vulnerability, an attacker must persuade a victim into opening a specially crafted media file. This could be accomplished by either a direct link or referenced from a website under the attacker's control. No further interaction is required in the default configuration.

DETECTION

iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows. Previous versions are suspected to be vulnerable.

WORKAROUND

iDefense is currently unaware of any effective workarounds for this vulnerability.

VENDOR RESPONSE


Apple has addressed this vulnerability by releasing version 7.1.5 of QuickTime. More information can be found in Apple Advisory APPLE-SA-2007-03-05 at the following URL.
http://docs.info.apple.com/article.html?artnum=305149

DISCLOSURE TIMELINE

12/06/2006 Initial vendor notification
12/11/2007 Initial vendor response
02/01/2007 Second vendor notification
03/05/2007 Coordinated public disclosure

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
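
The bounds check whose absence the Color Table ID advisory above describes, as an added C example that is not part of the original post and is not QuickTime's code: the byte swap runs only when the color table announced by a zero 'Color table ID' lies wholly inside the buffer. The 86-byte description length, the field offsets and the table layout are assumptions taken from the QuickTime file format, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, taken from the QuickTime file format rather than the post:
 * the video sample description is 86 bytes and ends with a 16-bit big-endian
 * 'Color table ID'; an inline color table is seed(4) flags(2) size(2)
 * followed by size+1 entries of four 16-bit values. */
#define VSD_LEN          86u
#define VSD_COLOR_ID_OFF 84u
#define CTAB_HDR_LEN     8u
#define CTAB_ENTRY_LEN   8u

enum vsd_status {
    VSD_OK_NO_TABLE,   /* Color table ID != 0: nothing follows, nothing to swap */
    VSD_OK_TABLE,      /* ID == 0 and the whole table lies inside the buffer */
    VSD_ERR_TRUNCATED, /* buffer too short to hold the description itself */
    VSD_ERR_TABLE_OOB  /* ID == 0 but the table would run past the buffer */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decide whether a color table may be touched. buf_len is the number of bytes
 * the caller actually owns, i.e. the size of the allocation. */
enum vsd_status vsd_check_color_table(const uint8_t *buf, size_t buf_len,
                                      size_t *table_len)
{
    *table_len = 0;
    if (buf == NULL || buf_len < VSD_LEN)
        return VSD_ERR_TRUNCATED;
    if (be16(buf + VSD_COLOR_ID_OFF) != 0)
        return VSD_OK_NO_TABLE;
    size_t remaining = buf_len - VSD_LEN;
    if (remaining < CTAB_HDR_LEN)
        return VSD_ERR_TABLE_OOB;      /* ID says "table follows", none does */

    size_t entries = (size_t)be16(buf + VSD_LEN + 6) + 1;
    size_t need = CTAB_HDR_LEN + entries * CTAB_ENTRY_LEN; /* at most 524296 */
    if (need > remaining)
        return VSD_ERR_TABLE_OOB;
    *table_len = need;
    return VSD_OK_TABLE;
}

/* Byte-swap the 16-bit entry fields in place, but only after the check passed. */
enum vsd_status vsd_swap_color_table(uint8_t *buf, size_t buf_len)
{
    size_t table_len;
    enum vsd_status st = vsd_check_color_table(buf, buf_len, &table_len);
    if (st != VSD_OK_TABLE)
        return st;
    uint8_t *p = buf + VSD_LEN + CTAB_HDR_LEN;
    uint8_t *end = buf + VSD_LEN + table_len;
    for (; p < end; p += 2) {
        uint8_t t = p[0]; p[0] = p[1]; p[1] = t;
    }
    return st;
}

int main(void)
{
    /* Constructed sample: description with Color table ID 0 and no table. */
    uint8_t bare[VSD_LEN];
    memset(bare, 0, sizeof bare);
    printf("bare description: status %d\n", (int)vsd_swap_color_table(bare, sizeof bare));
    /* Constructed sample: same description followed by a 2-entry table. */
    uint8_t full[VSD_LEN + CTAB_HDR_LEN + 2 * CTAB_ENTRY_LEN];
    memset(full, 0, sizeof full);
    full[VSD_LEN + 7] = 1;             /* size field = entries - 1 */
    printf("with table: status %d\n", (int)vsd_swap_color_table(full, sizeof full));
    return 0;
}
```

The first sample is the case the advisory describes: the ID field is 0 but no table follows, so the swap is refused instead of running over memory outside the buffer.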