This issue does notĪffect systems running Mac OS X. Performing additional validation of MPEG-2 files. Accessing a maliciouslyĬrafted movie file may lead to an unexpected application termination Unexpected application termination or arbitrary code executionĭescription: An input validation issue exists in the QuickTime Impact: Viewing a maliciously crafted movie file may lead to an The QuickTime MPEG-2 Playback Component for Windows is now availableĪvailable for: Windows Vista, XP SP2 and SP3 Subject: APPLE-SA- QuickTime MPEG-2 Playback ComponentĪPPLE-SA- QuickTime MPEG-2 Playback Component Underlying OS: Windows (Vista), Windows (XP) Vendor URL: /kb/HT3404 (Links to External Site) Users of earlier versions of the QuickTime MPEG-2 Playback Component from the Apple Store can download the updated version for free. Richard Lemon of Code Lemon reported this vulnerability.Ī remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. Systems running Mac OS X are not affected.
The QuickTime MPEG-2 Playback Component is not installed by default with QuickTime. The code will run with the privileges of the target user. A remote user can cause arbitrary code to be executed on the target user's system.Ī remote user can create a specially crafted MPEG-2 movie file that, when loaded by the target user, will execute arbitrary code on the target system. Version(s): MPEG-2 Playback Component for Windows prior to 7.60.92.0Ī vulnerability was reported in the QuickTime MPEG-2 Playback Component for Windows.
Impact: Execution of arbitrary code via network, User access via network QuickTime Input Validation Flaw in MPEG-2 Playback Component for Windows Lets Remote Users Execute Arbitrary CodeĬVE Reference: CVE-2009-0008 (Links to External Site) Home | View Topics | Search | Contact Us | QuickTime Input Validation Flaw in MPEG-2 Playback Component for Windows Lets Remote Users Execute Arbitrary Code - SecurityTracker
0 kommentar(er)
