In association with heise online

13 August 2010, 10:57

Apple patches QuickTime for Windows

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released QuickTime 7.6.7 for Windows 7, Vista and XP to close a critical hole discovered about two weeks ago. The flaw is contained in the QuickTimeStreaming.qtx component; it is said to cause a buffer overflow when processing SMIL files whose URLs exceed the maximum length. This allows attackers to inject arbitrary code into a PC and execute it there. Users can potentially fall victim to the attack simply by visiting a specially crafted website.

According to Apple, Mac OS X is not affected by the problem. While the vendor is already offering the new Windows version 7.6.7 of QuickTime to download, users should avoid downloading the version that is bundled with iTunes – because this version still appears to contain the vulnerable QuickTime 7.6.6.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit