Obsolete QT updates

[AplusWebMaster]

FYI...

QuickTime 7.3.1 released
- http://docs.info.apple.com/article.html?artnum=307176
December 13, 2007
"...CVE-ID: CVE-2007-6166 - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6166
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data"

Download:
> http://www.apple.com/support/downloa...orwindows.html
-or-
Use the Apple Software Update icon on your system.

[AplusWebMaster]

FYI...

QuickTime 7.4 released
- http://docs.info.apple.com/article.html?artnum=307301

Download:
> http://www.apple.com/support/downloa...orwindows.html
Post Date: January 15, 2008

Apple security updates
- http://docs.info.apple.com/article.html?artnum=61798
Last Modified on: January 15, 2008

- http://isc.sans.org/diary.html?storyid=3852
Last Updated: 2008-01-15 22:09:15 UTC - "...Note that this update does not yet appear to resolve the critical vulnerability reported last week by Luigi Auriemma (VU #112179*)."
* http://www.kb.cert.org/vuls/id/112179

:(

[AplusWebMaster]

FYI...

QuickTime 7.4.1 released
- http://www.apple.com/support/downloa...orwindows.html
February 6, 2008 - "QuickTime 7.4.1 addresses security issues and improves compatibility with third-party applications. This release is recommended for all QuickTime 7 users..."
> http://docs.info.apple.com/article.html?artnum=61798
QuickTime 7.4.1
Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista / XP
06 Feb 2008

[AplusWebMaster]

FYI...

QuickTime v7.4.5 for Windows
- http://www.apple.com/support/downloads/
04/02/2008
"This release is recommended for all QuickTime 7 users..."

QuickTime v7.4.5 for Windows
- http://www.apple.com/support/downloa...orwindows.html

Security content of QuickTime 7.4.5
- http://support.apple.com/kb/HT1241

- http://www.apple.com/support/quicktime/

- http://isc.sans.org/diary.html?storyid=4232
Last Updated: 2008-04-03 12:14:28 UTC - "...QuickTime version 7.4.5 which addresses 11 vulnerabilities. Vulnerabilities range from denial of service attacks, information leaks to (of course) remote code execution..."

- http://secunia.com/advisories/29650/
Release Date: 2008-04-03
Critical: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Solution: Update to version 7.4.5...

[AplusWebMaster]

FYI...

QuickTime 7.5
- http://isc.sans.org/diary.html?storyid=4547
Last Updated: 2008-06-10 11:27:16 UTC - "...Apple's security improvements* include fixes for:
- CVE-2008-1581: PICT images can lead to an heap overflow and code execution
- CVE-2008-1582: AAC coded media can lead to code execution
- CVE-2008-1583: PICT images can lead to an heap overflow and code execution
- CVE-2008-1584: Indeo video codec can lead to a stack buffer overflow and code execution - note the fix: "This update addresses the issue by not rendering Indeo video codec content."
- CVE-2008-1585: URL handling of URLs in QuickTime files could lead to attacker controlled application launch and code execution - note the fix: "This update addresses the issue by revealing files in Finder or Windows Explorer rather than launching them."
* http://support.apple.com/kb/HT1991

Download:
- http://www.apple.com/quicktime/download/

[AplusWebMaster]

FYI...

QuickTime v7.5.5 released
- http://www.apple.com/quicktime/download/
09.09.2008

QuickTime 7.5.5
- http://support.apple.com/kb/HT3027
Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP, SP2, and SP3
09 Sept 2008

- http://isc.sans.org/diary.html?storyid=5014
Last Updated: 2008-09-09 20:28:34 UTC - "...The QuickTime update to 7.5.5 refers to following CVE names: CVE-2008-3615, CVE-2008-3635, CVE-2008-3624, CVE-2008-3625, CVE-2008-3614, CVE-2008-3626, CVE-2008-3627, CVE-2008-3628, CVE-2008-3629
...All of them are relating to opening "crafted" media files. Read: it's the typical list of input validation failures leading to code execution. You want this one if you have QuickTime installed..."

- http://secunia.com/advisories/31821/
Release Date: 2008-09-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3614
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3615
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3624
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3625
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3626
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3627
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3628
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3629
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-3635

- http://www.us-cert.gov/current/#appl...urity_updates1