Wednesday, January 16, 2008

QuickTime 7.4 Fixes Multiple Vulnerabilities

Apple recently released QuickTime 7.4 which includes fixes for multiple vulnerabilities. This new version addresses four issues that affects Mac OS X 10.2.9 or later, Windows Vista and XP SP2.

The vulnerabilities that was addressed includes following:

(1) Memory corruption in QuickTime's handling of Sorenson 3 video files.

(2) Memory corruption in QuickTime's handling of Macintosh Resource records in movie files.

(3) Memory corruption in QuickTime's parsing of Image Descriptor (IDSC) atoms.

(4) Buffer overflow in processing a compressed PICT image.


However, the recent buffer overflow found in "QuickTime RSTP response" still remains unpatched.

Thus, Quicktime users are advised not to play streaming media that uses rstp protocol (rstp:\\) until a fix is made available.