CERTA-2003-AVI-071
Vulnerability from certfr_avis - Published: - Updated:
Un débordement de mémoire dans Quicktime Player permet d'exécuter du code arbitraire à distance.
Description
Quicktime Player est un lecteur de vidéo.
Un débordement de mémoire a été découvert dans le processus de traitement d'un lien hypertexte. Un lien hypertexte pour Quicktime Player est de la forme quicktime:// et invoque la commande QuickTimePlayer.exe -u.
Un utilisateur mal intentionné peut inciter une victime (par le biais d'un message électronique par exemple) à suivre un lien habilement constitué afin d'exécuter du code arbitraire à distance sur sa machine.
Solution
Installer la version 6.1 de Quicktime Player :
http://www.apple.com/swupdates
Quicktime Player versions 5.x et version 6.0 pour Windows.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003e\u003cTT\u003eQuicktime Player\u003c/TT\u003e versions 5.x et version 6.0 pour Windows.\u003c/P\u003e",
"content": "## Description\n\nQuicktime Player est un lecteur de vid\u00e9o.\n\nUn d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couvert dans le processus de\ntraitement d\u0027un lien hypertexte. Un lien hypertexte pour Quicktime\nPlayer est de la forme quicktime:// et invoque la commande\nQuickTimePlayer.exe -u.\n\nUn utilisateur mal intentionn\u00e9 peut inciter une victime (par le biais\nd\u0027un message \u00e9lectronique par exemple) \u00e0 suivre un lien habilement\nconstitu\u00e9 afin d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur sa machine.\n\n## Solution\n\nInstaller la version 6.1 de Quicktime Player :\n\n http://www.apple.com/swupdates\n",
"cves": [],
"links": [],
"reference": "CERTA-2003-AVI-071",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Un d\u00e9bordement de m\u00e9moire dans Quicktime Player permet d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 de Quicktime Player sous Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 d\u0027Apple",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…