Archive for January 17, 2008

QuickTime 7.4 Fixes Multiple Vulnerabilities

Apple recently released QuickTime 7.4, which includes fixes for multiple vulnerabilities. This new version addresses four issues that affect Mac OS X 10.2.9 or later, Windows Vista and XP SP2.

The vulnerabilities addressed include the following:

(1) Memory corruption in QuickTime’s handling of Sorenson 3 video files.

(2) Memory corruption in QuickTime’s handling of Macintosh Resource records in movie files.

(3) Memory corruption in QuickTime’s parsing of Image Descriptor (IDSC) atoms.

(4) Buffer overflow in processing a compressed PICT image.

However, the recent buffer overflow found in “QuickTime RTSP response” still remains unpatched.

Thus, QuickTime users are advised not to play streaming media that uses the RTSP protocol (rtsp://) until a fix is made available.

Zero Day Exploit: MS Excel Allows Remote Code Execution

A zero-day flaw has been found in Microsoft Excel. The vulnerability affects the following versions:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac

What causes this threat?

When a user opens a specially crafted Excel file that has malformed header information, the system encounters an unspecified error, which can be exploited by malicious users and could lead to execution of arbitrary code.

According to Microsoft, there are active attacks that currently exploit this vulnerability. Thus, users are advised not to open untrusted Excel files.
