FYI...

QuickTime 7.4.1 released
- http://www.apple.com/support/downloads/qui...forwindows.html
February 6, 2008 - "QuickTime 7.4.1 addresses security issues and improves compatibility with third-party applications. This release is recommended for all QuickTime 7 users..."
> http://docs.info.apple.com/article.html?artnum=61798
QuickTime 7.4.1
Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista / XP
06 Feb 2008
-------------------------

New: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0778
Last revised: 2/14/2008
Vulnerable software and versions... Apple, Quicktime, 7.4.1, and previous
.

This post has been edited by AplusWebMaster: Jun 10 2008, 03:00 PM

FYI...

QuickTime 7.4.5 for Windows
- http://www.apple.com/support/downloads/
04/02/2008
"This release is recommended for all QuickTime 7 users..."

QuickTime 7.4.5 for Windows
- http://www.apple.com/support/downloads/qui...forwindows.html

- http://support.apple.com/kb/HT1241

- http://www.apple.com/support/quicktime/

- http://isc.sans.org/diary.html?storyid=4232
Last Updated: 2008-04-03 12:14:28 UTC - "...QuickTime version 7.4.5 which addresses 11 vulnerabilities. Vulnerabilities range from denial of service attacks, information leaks to (of course) remote code execution..."

- http://secunia.com/advisories/29650/
Release Date: 2008-04-03
Critical: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
...Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
Solution: Update to version 7.4.5...



This post has been edited by AplusWebMaster: Apr 3 2008, 09:44 AM

FYI...

QuickTime 7.5
- http://isc.sans.org/diary.html?storyid=4547
Last Updated: 2008-06-10 11:27:16 UTC - "...Apple's security improvements* include fixes for:
- CVE-2008-1581: PICT images can lead to an heap overflow and code execution
- CVE-2008-1582: AAC coded media can lead to code execution
- CVE-2008-1583: PICT images can lead to an heap overflow and code execution
- CVE-2008-1584: Indeo video codec can lead to a stack buffer overflow and code execution - note the fix: "This update addresses the issue by not rendering Indeo video codec content."
- CVE-2008-1585: URL handling of URLs in QuickTime files could lead to attacker controlled application launch and code execution - note the fix: "This update addresses the issue by revealing files in Finder or Windows Explorer rather than launching them."
* http://support.apple.com/kb/HT1991

Download:
- http://www.apple.com/quicktime/download/

Also see: http://secunia.com/advisories/29293/
Release Date: 2008-06-10
Critical: Highly critical
Solution: Update to version 7.5...



This post has been edited by AplusWebMaster: Jun 10 2008, 02:58 PM

FYI...

QuickTime v7.5.5 released
- http://www.apple.com/quicktime/download/
09.09.2008

QuickTime 7.5.5
- http://support.apple.com/kb/HT3027
Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP, SP2, and SP3
09 Sept 2008

- http://isc.sans.org/diary.html?storyid=5014
Last Updated: 2008-09-09 20:28:34 UTC - "...The QuickTime update to 7.5.5 refers to following CVE names: CVE-2008-3615, CVE-2008-3635, CVE-2008-3624, CVE-2008-3625, CVE-2008-3614, CVE-2008-3626, CVE-2008-3627, CVE-2008-3628, CVE-2008-3629
...All of them are relating to opening "crafted" media files. Read: it's the typical list of input validation failures leading to code execution. You want this one if you have QuickTime installed..."

- http://secunia.com/advisories/31821/
Release Date: 2008-09-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3614
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3615
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3624
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3625
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3626
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3627
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3628
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3629
- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3635

- http://www.us-cert.gov/current/#apple_rele...curity_updates1



This post has been edited by AplusWebMaster: Sep 11 2008, 07:06 AM