From http://docs.info.apple.com/article.html?artnum=304989:
Security Update 2007-001
QuickTime
CVE-ID: CVE-2007-0015
Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server
v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000
Impact: Visiting malicious websites may lead to arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of RTSP
URLs. By enticing a user to access a maliciously-crafted RTSP URL, an
attacker can trigger the buffer overflow, which may lead to arbitrary
code execution. A QTL file that triggers this issue has been
published on the Month of Apple Bugs web site (MOAB-01-01-2007). This
update addresses the issue by performing additional validation of
RTSP URLs.
--
John Bafford
dsh...@zort.net
http://www.dshadow.com/
With only one bug fixed this time, I have a bad feeling that this is
going to be a long process.
On Jan 23, 5:31 pm, John Bafford <dsha...@zort.net> wrote:
> Now, all we need is Apple fixes for the rest of the Apple MOAB fixes...
>
> Fromhttp://docs.info.apple.com/article.html?artnum=304989:
> Security Update 2007-001
>
> QuickTime
>
> CVE-ID: CVE-2007-0015
>
> Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server
> v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000
>
> Impact: Visiting malicious websites may lead to arbitrary code execution
>
> Description: A buffer overflow exists in QuickTime's handling of RTSP
> URLs. By enticing a user to access a maliciously-crafted RTSP URL, an
> attacker can trigger the buffer overflow, which may lead to arbitrary
> code execution. A QTL file that triggers this issue has been
> published on the Month of Apple Bugs web site (MOAB-01-01-2007). This
> update addresses the issue by performing additional validation of
> RTSP URLs.
>
> --
> John Bafford
> dsha...@zort.nethttp://www.dshadow.com/
On Jan 23, 9:56 pm, "frozenINcarbonite" <adr...@gosquareone.com> wrote:
> > Now, all we need is Apple fixes for the rest of the Apple MOAB fixes...With only one bug fixed this time, I have a bad feeling that this is
Ah, #23 explains #22 a little. It almost seems like they're wording
it so a crash could lead to a root shell in all cases. When it'd only
do such a thing if you actively had an real malicious input manager
installed already that overwrite a file. (Because the dialog
notifying you of a crash launches the User Notification Center
application, which is what the input manager uses to do its thing).
But a crash would only lead to this particular series of events if
you had such an input manager installed already.
Ack, at 1/23/07, frozenINcarbonite said:
>And besides this patch doesn't help with the new MOAB #23.
>
>On Jan 23, 9:56 pm, "frozenINcarbonite" <adr...@gosquareone.com> wrote:
>> > Now, all we need is Apple fixes for the rest of the Apple MOAB
>>fixes...With only one bug fixed this time, I have a bad feeling
>>that this is
>> going to be a long process.
> >
--
Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug
Unsanity: Unsane Tools for Insanely Great People
It's either this, or imagining Phil Schiller in a thong.
On Jan 24, 4:34 pm, Rosyna <ros...@gmail.com> wrote:
>
> But a crash would only lead to this particular series of events if
> you had such an [malicious] input manager installed already.
>
that was my take on #22 too, but then I'm already quoted
in their source as a doofus....
d
http://www.itwire.com.au/content/view/8985/53/
"If you have already installed a [malicious] input manager...."
--