James Delahunty
4 Oct 2007 17:44
Apple Inc. has issued updates that address security concerns with the Quicktime multimedia software for the Windows operating systems. The patch is for users of QuickTime v7.2 software, running Microsoft Windows Vista or Windows XP SP2. It addresses the vulnerability in CVE-2007-4673 which could allow an attacker to take control of a victim's PC.
The vulnerability is exploited with maliciously crafted files which are opened with QuickTime by unsuspecting users, leading to arbitrary code execution. "A command injection issue exists in QuickTime's handling of URLs in the qtnext field> in files with QTL content. By enticing a user to open a specially crafted file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution," Apple describes.
The update is available at: http://www.apple.com/support/downloads/
Source:
News.com