----- Forwarded message from Product Security <product-security@apple.com> ----- Date: Mon, 31 Mar 2003 13:29:36 -0800 Subject: QuickTime 6.1 for Windows is available From: Product Security <product-security@apple.com> To: <security-announce@lists.apple.com> Message-ID: <BAADF340.A6%product-security@apple.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2003-03-31 QuickTime Player for Windows A potential vulnerability in Apple's QuickTime Player for Windows could allow a remote attacker to compromise a target system. This exploit is only possible if the attacker can convince a user to load a specially crafted QuickTime URL. Upon successful exploitation, arbitrary code can be executed under the privileges of the QuickTime user. CVE Candidate ID: CAN-2003-0168 Versions affected: QuickTime Player versions 5.x and 6.0 for Windows. QuickTime Player for Mac OS and Mac OS X are not affected. Recommendation: Install QuickTime version 6.1 for Windows QuickTime 6.1 for Windows is available via: http://www.apple.com/quicktime/download/ - or - "Update Existing Software" menu item in QuickTime Player Credit to Texonet (http://www.texonet.com/) for discovering this vulnerability. Apple Product Security http://www.apple.com/support/security/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQEVAwUBPoixCSFlYNdE6F9oAQIOsQgAl+bbm4FwcobpmHHvZRY7zf71BZh6USfn chgtHB3n4L/vnoZrFK8z4f66/Cn8mCjy+vF9Pfk3FcUyJnHed3wm6fVlkbnwJCCJ p2b8fK+HwNyXYXaR8D0o7eFbR9N3GRu1caN4+zhKYehQVMnzkopLI9LzHF3iKVC7 9ULLwNheRoiQbd5+q1wtkaj1fweXfqHG/LO2+kKaBGNhhrSgipFI1iamvQTZ8o5A CCfT1RTejcZQY0PnMnqS9+S/wqT9bbRCkMVY3+9HBTZAzrhudED/yDMqwFKv2ofP 51JG5FaDNUT8LVFm6kfRzR719MHqVojGIgNNzpnvGNRb8bWmFE9MKw== =sB+X -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored. ----- End forwarded message -----
